Page A-1: IT Governance experience

Complete the top section (Name and Exam ID number) of pages A1-A4 of the application form located on the following pages. Also on page A1 include the name, title, e-mail address and business phone number of your immediate supervisor. Finally, provide the name, title, company, business phone number and e-mail address for each person who you requested to verify your work experience and you must sign and date the page.

Section A—Information Technology (IT) Governance Experience

For each employer (starting with the most current), enter the following information:

• Name of employer where information technology (IT) governance services were performed
• Job title held where IT governance experience is claimed. If multiple positions were held use one line for each title.
• Date range (month and year) in which IT governance services were performed.
• Number of years and months, by employer and in total, performing IT governance services.
• CGEIT job practice domains (see pages V1 and V2) in which IT governance tasks were performed. Please note that a minimum of one year of experience must have been gained in domain 1, with additional experience gained in two or more of domains 2 through 6.
• Determine your total cumulative years of experience in CGEIT Domain 1—IT Governance Framework only. Are your total cumulative years of experience in CGEIT Domain 1 greater than 1 year? Enter Yes or No.

Section B—Substitution for IT Governance Experience—(1) Other Management Experience

For each employer (starting with the most current), enter information pertaining to other management experience gained that is not specific to IT governance (e.g. consulting, auditing, assurance or security management role unrelated to the CGEIT domains). Experience claimed in Section A cannot also be claimed in Section B.

• Name of employer where other management services were performed (can be same employer as section A).
• Job title held where other management experience is claimed.
• Date range (month and year) in which other management experience was gained (cannot be same dates as section A).
• Number of years and months, by employer and in total, gaining other management experience (one [1] year maximum).

Section B—Substitution for IT Governance Experience—(2) Credentials, Advanced (post-graduate) Degrees and Certificates

Enter information pertaining to each IT governance and/or management related certification, advanced (post-graduate) degree or certificate earned.

• Certifications and certificates held in good standing (include copy of certification or letter indicating good standing), excluding CISA and CISM.
• Advanced (post-graduate) degree in governance, IT or management (for example: Masters in Corporate Governance, Masters of Business Administration, Masters in Information and Operations Management, Masters of Information Systems Management, Masters in Information Technology, Masters in Computer Auditing) including the name of the institution where earned, the degree name and the date the degree was awarded. (A copy of an original diploma, transcript or letter confirming degree status must accompany you application.) DO NOT SEND THE COPY SEPARATELY.
• Record and total the duration of experience in the Section B Summary.

Section C—Summary of Work Experience

Record the total number of years and months from sections A and B in the appropriate box. The total in Section A must be three (3) or more years, including one (1) year of experience performing tasks in domain 1. The total in Section B can be no greater than two (2) years, which is the maximum allowable experience substitution allowed. Add Sections A and B and record the total number of years and months in the box following the line titled "Total Work Experience." This total must be equal to or greater than five (5) years to qualify for CGEIT certification.

Page A-2: Verifier Information/Acknowledgement

Complete top section of page A-2 with your (Applicant) name, Exam ID#, e-mail address and your (Applicant) phone number:

Section D—Verifier Information

For each employer listed in Section A and Section B, enter the employer name, verifier name, verifier job title, business phone numbers and email address of the person who will attest to your work experience for that employer. The employer name is the name of your employer from Section A and/or B that the verifier is verifying your experience from.

Read the acknowledgement. Print and sign your name and date the application at the bottom of page A-2. Your application is not complete and will not be accepted unless you have signed and dated this page.

Pages V-1, V-2, V-3: Verification of Work Experience Forms

You are required to have your work experience claimed in sections A and B verified by a person qualified to do so. This person should be your immediate supervisor or a person of higher position within your organization. If one person cannot verify all required experience, previous employers must be asked to verify experience. If they are able to, it is permissible for one verifier to verify all of your work experience. If the current employer cannot verify your experience, a colleague at a previous employer can also be used. It is also acceptable for knowledgeable clients to verify work experience. The individual verifying your work experience must be an independent verifier and not of any relation to the applicant nor can the verifier verify his/her own work.

Page V-1— Verification Form

Complete top portion of form with your (Applicant) name, Exam ID#, e-mail address on page V-1.

Section E—Applicant request to verifier for work experience verification

Review section. Complete with your name (Printed Name) and sign and date by Applicant’s Signature.

Section F—Verification of Work Experience

This section is to be completed by each individual who you have chosen (from page V-2) to verify your work experience. Two copes of the verification of Work Experience form are included for convenience only.

Give the verification form pages V-1, V-2, V-3 to each person(s) verifying your specific work experience; and a copy of your completed application. It is suggested that you sit with each verifier in order to confirm the tasks that you have claimed (checked off) to have performed on your application for certification. Your verifier will need to complete the form, answering all 5 questions, and review the task statements checked on the form. Your verifier will sign and date the form where indicated on page V-1 verifier signature and date. Two copies of the form are included. If additional copies are required, photocopy the form.

Pages V-2 and V-3—CGEIT Job Practice Areas (Task Statements)

Complete the top portion of form pages V-2 and V-3 with your (Applicant) Name, Exam ID number and Verifier Name. Note that each of your verifiers will need a copy of verification pages V-1, V-2 and V-3 in order to complete the verification.

Review the job practice domain statements. Check off each job practice statement within each domain that applies to your IT governance experience. Your verifier is to review and confirm that the task statements checked off apply to the work experience that is being verified. Your verifier will answer the corresponding question number four in Section E.

Collect verification form(s) from your verifier(s). Send in completed verification forms (verification form pages V-1, V-2 and V-3 for each verifier) with your application. DO NOT SEND THIS INFORMATION IN SEPARATELY.

Please note that verification forms are subject to an audit and verifiers may be contacted to confirm their completion and verification of the work experience form that they signed.

Applicant Name:

Exam ID #:

A. IT Governance Experience —For each employer (starting with the most current), enter information pertaining to the positions where you have performed tasks specifically described in the CGEIT job practice domains (see pages V1-V2 for task descriptions).

Employer Name and Job Title

Dates of employment performing CGEIT tasks

Duration of experience

CGEIT job practice areas in which tasks were performed (check all that apply below the number of each domain)

1

Employer Name

MM/YY

to

MM/YY

Years

Months

1

2

3

4

5

6

Job Title

to

2

Employer Name

MM/YY

to

MM/YY

Years

Months

1

2

3

4

5

6

Job Title

to

3

Employer Name

MM/YY

to

MM/YY

Years

Months

1

2

3

4

5

6

Job Title

to

Add the years and months of duration of experience and total to the right (must be a total of three or more years) in Section A.

Total:

Are your total cumulative years of experience in CGEIT Domain 1 greater than 1 year? ____________ (Enter Yes or No)

B. Substitutions for IT Governance Experience (two (2) years maximum allowed) To recognize other management experience and/or the achievement of IT-governance related credentials, advanced (post-graduate) degrees and certificates, up to two (2) years of experience can be substituted. (1) Other Management Experience (up to one (1) year substitution) For each employer (starting with the most current), enter information pertaining to the positions where you have had other management responsibility. This experience cannot be claimed during the same dates of employment in section A above.

Employer Name Job Title Dates of Employment Duration of Experience MM/YY to MM/YY Years Months 1 to 2 to 3 to Total years and months of other management experience (maximum 1 year):

(2) Credentials, Advanced Degrees and Certificates (one (1) year substitution each.)

One year of experience may be substituted for each of the following credentials, advanced (post-graduate) degrees and certificates. Check each that apply below.

Yes  CISA in good standing with ISACA Yes  CISM in good standing with ISACA Yes  CITP in good standing with the American Institute of CPAs (attach a copy of your certificate) Yes  CITP in good standing with the British Computer Society (attach a copy of your certificate) Yes  PMP in good standing the Project Management Institute (attach a copy of your certificate) Yes  I.S.P. in good standing with the Canadian Information Processing Society (attach a copy of your certificate) Yes  CIA issued by the Institute of Internal Auditors (attach a copy of your certificate) Yes  CBM issued by The Association of Professionals in Business Management (attach a copy of your certificate) Yes  Achieved ITIL Service Manager certification (attach a copy of your certificate) Yes  Achieved Implementing IT Governance using COBIT or Val IT certificate issued by ISACA (Val IT certificate available in 2009) Yes  Achieved Prince2—Registered Practitioner certification from the Office of Government Commerce (attach a copy of your certificate) Yes  Other: (please list) Yes  Other: (please list)

Applicant Name:

Exam ID #:

Page A1.1

Institution Name

Degree name

Date awarded

B. Summary
	Duration of Experience
Substitutions Claimed	Years	Months
(1) Other Management Experience
(2) Credentials, Advanced Degrees and Certificates
Total:

C. Summary of Work Experience

Record the total number of years from sections A and B in the appropriate box below. The total in box A must be three (3) years or more. The total in box B can be no greater than two (2) years, which is the maximum allowable substitution allowed.
	Years	Months
Total years of IT governance experience (Must be 3 years or more)			from Section A above
Total number of years being substituted (Must be 2 years or less)			from Section B Summary above
Total Work Experience—add boxes (Must be 5 years or more)			Total

Page A2

Applicant Information
First Name Middle Name/Initial Last/Family Exam ID#
E-mail Address:	Applicant's Phone Number:
Immediate Supervisor Name:	Supervisor Title
Supervisor E-mail Address:	Supervisor Business Phone:
Person(s) you have requested to verify your work experience (a work experience verification form must be submitted for each person listed below):
Verifier(s) Contact Information
1. Name:	Title:
Company:	Business Phone Number:
E-mail Address:
2. Name:	Title:
Company:	Business Phone Number:
E-mail Address:
3. Name:	Title:
Company:	Business Phone Number:
E-mail Address:
ISACA reserves the right to contact your immediate supervisor and verifiers for confirmation of work experience.
I hereby apply to ISACA for certification, as Certified in the Governance of Enterprise IT (CGEIT) in accordance with and subject to the procedures and regulations of ISACA. I have read and agree to the conditions set forth in the Application for CGEIT Certification and CGEIT Continuing Professional Education Policy in effect at the time of my application, covering the certification process, and Continuing Education policies. I agree to denial of certification and to forfeiture of the application fee and redelivery of any certificate or other credential granted me by ISACA in the event that any of the statements or answers made by me in this application are false or in the event that I violate any of the rules or regulations governing the CGEIT certification program. I understand that all certificates are owned by ISACA and if my certificate is granted and then revoked, I will destroy the certificate. I authorize ISACA to make whatever inquiries and investigations it deems necessary to verify my credentials and my professional standing. If you become a Certified In The Governance of IT, your certification status will become public, and may be disclosed by ISACA to third parties who inquire. If my application is not approved, I understand that I am able to appeal the decision by contacting certification@isaca.org. By signing below, you authorize ISACA to disclose your certification status. The contact information will be used to fulfill your request, and may also be used by ISACA to send you information about related ISACA goods and services, and other information in which we believe you may be interested. By signing below, you authorize ISACA to contact you at the address and numbers you have provided, including to provide you with marketing and promotional communications. You further represent that the information you provided is yours and is accurate. To learn more about how we use the information you have provided on this form, please read our Privacy Policy, available at www.isaca.org. If you are already an ISACA member, and/or if you elect to attend one of our events or purchase other ISACA programs or services, information you submit may also be used as described to you at that time. I hereby agree to hold ISACA, its officers, directors, examiners, employees, and agents, harmless from any complaint, claim, or damage arising out of any action or omission by any of them in connection with this application; the application process; the failure to issue me any certificate; or any demand for forfeiture or redelivery of such certificate. Notwithstanding the above, I understand and agree that any action arising out of, or pertaining to this application must be brought in the Circuit Court of Cook County, Illinois, USA, and shall be governed by the laws of the State of Illinois, USA. I UNDERSTAND THAT THE DECISION AS TO WHETHER I QUALIFY FOR CERTIFICATION RESTS SOLELY AND EXCLUSIVELY WITH ISACA AND THAT THE DECISION OF ISACA IS FINAL. I HAVE READ AND UNDERSTAND THESE STATEMENTS AND INTEND TO BE LEGALLY BOUND BY THEM.
Name: Date: Signature:   (For your application to be complete you must sign and date on the line above.)

Applicant Name:

Exam ID #:

Page V1

Verification of Work Experience

I, , am applying through ISACA for the Certified in the Governance of Enterprise IT (CGEIT) certification. As such, my IT governance and management work experience must be independently verified by my current and/or previous employer(s). The individual verifying the work experience must be an independent verifier and not of any relation to the applicant nor can the applicant verify his/her own work. If I currently or once worked as an independent consultant, I can use a knowledgeable client or colleague to perform this role. I would appreciate your cooperation in completing this form, by verifying my IT governance and/or management work experience as noted on my application form attached and as described by CGEIT job practice domains and task statements (see below and reverse side of form). Please return the completed form to me for my submission to ISACA. If you have any questions concerning this form, please direct them to cgeitapplication@isaca.org or +1.847.660.5660. Thank you. DateApplicant's Signature

Employer's Verification Information
Verifier's Name	Company Name
Professional Title
Street Address	State / Province
Street Address Line 2	Postal/Zip Code
City	Country
Company Telephone Number	Company Email Address
Name of Company being verified in Section A1

The following statements are to be confirmed by the Verifier after printing the application:
1.	I have functioned in a supervisory or other related position to the applicant and can verify his/her IT governance work experience (see Section A of Application).	Yes   No   N/A
2.	I can attest to the duration of the applicant's other management work experience (see Section B of Application) with my organization.	Yes No N/A
3.	I am qualified and willing to verify the applicant's:
	• IT governance work experience (see Section A of Application) prior to his/her affiliation with my organization.	Yes No N/A
	• Other management work experience (see Section B of Application) prior to his/her affiliation with my organization.	Yes No N/A
4.	If verifying IT governance work experience:
	• I can attest that the tasks performed by the applicant with my organization, as listed on pages V2 and V3 of this form, are correct to the best of my knowledge. If no, what is incorrect?	Yes No
	• I can attest to the fact that, according to the CGEIT job practice domains and task statements, the applicant has worked in, and is competent in, performing tasks in these areas.	Yes No
5.	Is there any reason you believe this applicant should not be certified in the governance of enterprise IT?	Yes No
Date Verifier's Signature

Applicant Name:

Exam ID #:

Page V2

Verifier Name:

CGEIT Job Practice Areas

Domain 1—IT Governance Framework—Develop, or be part of the development of, an IT governance framework that includes the following responsibilities and tasks.
	Define the requirements and objectives for, and drive the establishment of, IT governance in an enterprise, considering values, philosophy, management style, IT awareness, organization, standards and policies.
	Ensure that an IT governance framework exists and is based on a comprehensive and repeatable IT process and control model that is aligned with the enterprise governance framework.
	Establish appropriate management governance structures, such as an enterprise investment committee, IT strategy committee, IT steering committee, technology council, IT architecture review board, business needs committee and IT audit committee.
	Ensure that the enterprise and IT governance frameworks enable the enterprise to achieve optimal value for the enterprise.
	Confirm that the IT governance framework ensures compliance with applicable external requirements and ethical statements that are aligned with, and confirm delivery of, the enterprise’s goals, strategies and objectives.
	Obtain independent assurance that IT conforms with relevant external requirements; contractual terms; organizational policies, plans and procedures; generally accepted practices; and the effective and efficient practice of IT.
	Apply IT best practices to enable the business to achieve optimal value from implementation of IT services and IT-enabled business solutions.
	Ensure the establishment of a framework for IT governance monitoring (considering cost/benefits analyses of controls, return on investment for continuous monitoring, etc.), an approach to track all IT governance issues and remedial actions to closure, and a lessons-learned process.
	Ensure that appropriate roles, responsibilities and accountabilities are established and enforced for information requirements, data and system ownership, IT processes, and benefits and value realization.
	Report IT governance status and issues, and effect transparency in reporting.
	Establish a communications plan to continuously market, communicate and reinforce the need and value of IT governance across the enterprise.
Domain 2—Strategic Alignment: Develop, or be part of the development of, an enterprise’s IT strategy that includes the following responsibilities and tasks.
	Define and implement a strategic planning framework, requiring and facilitating collaborative and integrated business and IT management planning.
	Actively support/promote and participate in IT management planning by employing best practice enterprise architecture (EA) frameworks.
	Ensure that appropriate policies and procedures are in place, understood and followed to support IT and business strategic alignment.
	Identify and take action on barriers to strategic alignment.
	Ensure that effective communication and engagement exists between business and IT management regarding shared strategic initiatives and performance.
	Ensure business and IT goals cascade down through the enterprise into clear roles, responsibilities and actions.
	Assist senior management by aligning IT initiatives with business objectives and facilitating prioritization of business strategies that optimally achieve business objectives.
	Identify and monitor the interdependencies of strategic initiatives and their impact on value delivery and risk.
	Ensure that the strategic planning process is adequately documented, transparent and meets stakeholder needs.
	Maintain and update the IT management plans, artifacts and standards for the enterprise.
	Monitor, evaluate and report on the effectiveness of the alignment of IT and enterprise strategic initiatives.
	Monitor and assess current and future technologies and provide advice on the costs, risks and opportunities that they bring.
Domain 3—Value Delivery: Develop, or be part of the development of, a systematic, analytical and continuous value governance process that includes the following responsibilities and tasks.
	Ensure that business takes ownership and accountability for business cases, business transformation, organizational change, business process operation and benefit realization for all IT-enabled business investments.
	Ensure that all IT-enabled investments are managed as a portfolio of investments.
	Ensure that all IT-enabled investments are managed as programs and include the full scope of activities and expenditures that are required to achieve business value.
	Ensure that all IT-enabled investments are managed through their full economic life cycle so that value is optimized.
	Recognize that different categories of investments need to be evaluated and managed differently.
	Ensure that all IT solutions are developed and maintained effectively and efficiently through the development life cycle to deliver the required capabilities.
	Ensure that all IT services are delivered to the business with the right service levels.
	Ensure that IT services enable the business to create the required business value using assets (people, applications, infrastructure and information) to deliver the appropriate capabilities at optimal cost.
	Define and monitor appropriate metrics for the measurement of solution and service delivery against objectives and for the measurement of benefits realized, and respond to changes and deviations.
	Engage all stakeholders and assign appropriate accountability for delivery of business and IT capabilities and realization of benefits.
	Ensure that IT investments, solutions and services are aligned with the enterprise strategies and architecture.

Applicant Name:

Exam ID #:

Page V3

Verifier Name:

Domain 4—Risk Management: Develop, enhance and maintain a systematic, analytical and continuous enterprise risk management process across the enterprise that includes the following responsibilities and tasks.
	Ensure that IT risk identification, assessment, mitigation, management, communication and monitoring strategies are integrated into business strategic and tactical planning processes.
	Align the IT risk management processes with the enterprise business risk management framework (where this exists).
	Ensure a consistent application of the risk management framework across the enterprise IT environment.
	Ensure that risk assessment and management is included throughout the information life cycle.
	Define risk management strategies, and prioritize responses to identified risks to maintain risk levels within the appetite of the enterprise.
	Ensure that risk management strategies are adopted to mitigate risk and to manage to acceptable residual risk levels.
	Implement timely reporting on risk events and responses to appropriate levels of management (including the use of key risk indicators, as appropriate).
	Establish monitoring processes and practices to ensure the completeness and effectiveness of established risk management processes.
Domain 5—Resource Management: Develop, or assist in the development of systematic and continuous resource planning, management and evaluation processes that include the following responsibilities and tasks.
	Ensure that the requirements for trained resources with the requisite skill sets are understood and are assessed appropriately.
	Ensure the existence of appropriate policies for the training and development of all staff to help meet enterprise requirements and personal/professional growth.
	Develop and facilitate the maintenance of systems to record the resources available and potentially available to the enterprise.
	Undertake gap analyses to determine shortfalls against requirements to ensure that the business and IT resources (people, application, information, infrastructure) are able to meet strategic objectives.
	Effectively and efficiently ensure clear, consistent and enforceable human resource allocation to investment programs and services.
	Ensure that sourcing strategies are based on the effective use of existing resources and the identification of those that need be acquired.
	Ensure that people, hardware, software and infrastructure procurement policies exist to effectively and efficiently fulfill resource requirements.
	Through periodic assessment of the training requirements for human resources, ensure that sufficient, competent and capable human resources are available to execute the current and future strategic objectives and that they are kept up to date with constantly evolving technology.
	Ensure integration of resource identification, classification, allocation and periodic evaluation processes into the business’s strategic and tactical planning and operations.
	Ensure that the IT infrastructure is standardized; economies of scale are achieved, wherever possible; and interoperability exists, where required, to support the agility needs of the enterprise.
	Ensure that IT assets are managed and protected through their economic life cycle and are aligned with current and long-term business operations requirements to support cost-effective achievement of business objectives.
Domain 6—Performance Measurement; Develop, or assist in the development of, systematic and continuous performance management and evaluation processes that include the following responsibilities and tasks.
	Establish the enterprise’s strategic IT objectives, with the board of directors and executive leadership team, categorized into four areas: financial (business contribution), customer (user orientation), internal process (operational excellence), learning and growth (future orientation), or whatever areas are appropriate for the enterprise.
	Establish outcome and performance measures, supported by metrics, and targets that assess progress toward the achievement of enterprise and IT objectives and the business strategy.
	Evaluate IT process performance, track IT investment portfolio performance, and measure IT service delivery through the use of outcome measures and performance drivers.
	Use maturity models and other assessment techniques to evaluate and report on the health of the enterprise’s performance level.
	Use continuous performance measurement to identify, prioritize, initiate and manage improvement initiatives and/or appropriate management action.
	Report relevant portfolio, program and IT performance to relevant stakeholders in an appropriate, timely and accurate manner.

Clicking the Print button below does not submit your information. Please sign the completed application and either email, fax or postal mail your application to: ISACA 3701 N. Algonquin Rd. Suite 1010 Rolling Meadows, IL, USA 60008 Fax: 847.253.1443 Email: certification@isaca.org