CGEIT Frequently Asked Questions 

 

The answers you seek for the topics of Exam Registration & Administration, Certification Requirements and Exam Content.

 

CGEIT Certification :: Application Processing
Exam Registration & Administration :: Exam Content :: Certification Requirements

CGEIT Certification

  1. Why does ISACA offer an IT governance certification?
  2. Who is the CGEIT certification intended for?
  3. Do CISAs and CISMs qualify for CGEIT?

1. Why does ISACA offer an IT governance certification?

Boards and executive management have long understood the need for enterprise and corporate governance. As information technology (IT) has become more important to the achievement of enterprise goals and delivery of benefits, there has been an increasing realization that governance must be extended to IT as well. IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives. ISACA recognized this shift in emphasis in 1998, and formed the IT Governance Institute (ITGI) to focus on original research, publications, resources and symposia on IT governance and related topics. To support and promote this significant body of work, ISACA and the ITGI are proud to offer a certification program for professionals charged with satisfying the IT governance needs of an enterprise.

2. Who is the CGEIT certification intended for?

The CGEIT certification is intended to recognize a wide range of professionals for their knowledge and application of IT governance principles and practices. It is designed for professionals who have a significant management, advisory and/or assurance responsibilities relating to the governance of enterprise IT. Among them are:

  • Chief Executive Officer (CEO)/President
  • Chief Information Officer (CIO)
  • Chief Technology Officer (CTO)
  • Chief Audit Executive (CAE)/Partner/Principal
  • Chief Information Risk Strategist
  • Chief Information Security Officer (CISO)
  • Chief Security Officer (CSO)
  • IT Governance Director/Manager
  • IS/IT Director/Manager
  • IS/IT Consultant
  • IS/IT Audit Director/Manager
  • IS/IT Security Director/Manager
  • IS/IT Compliance Director/Manager
  • Project Manager
  • Business Manager
  • General Manager

3. Do CISAs and CISMs qualify for CGEIT?

The CGEIT certification program recognizes the IT governance components of the CISA and CISM credentials and as such, both certifications can be used as 1-year experience waiver towards the requirements for the CGEIT certification. To see educational and experience waivers for CGEIT, go to www.isaca.org/cgeitrequirements.

Application Processing :: Exam Registration & Administration
Exam Content :: Certification Requirements

CGEIT Application Processing

  1. I think I am qualified, but not sure. Any suggestions?
  2. There is no way that I can summarize my career in 500 words. What should I do?
  3. What is the best way to summarize my IT governance experience in the narrative?
  4. My view is that IT governance involves assessing how financial resources are to be spent to maximize a business process. Would you agree?
  5. I have been working in assurance or compliance related jobs my entire career. Can I qualify?
  6. Does my Information Security Governance experience qualify as IT Governance experience?
  7. As an IT manager, I've had experience with identifying the skill gaps of the people who work for me. Does that qualify as experience in the Resource Management domain?
  8. What does a CGEIT “in good standing” mean?

1. I think I am qualified, but not sure. Any suggestions?

First, re-read the CGEIT Job Practice. While going through it one domain at a time, write down specific examples from your work experience that demonstrate your participation in that area of governance of enterprise IT. Keep in mind that just having experience with business systems or IT or audit or security, doesn't necessarily mean you are qualified. You must be able to relate that experience to IT governance. Also, you must have experience in domain 1 and at least 2 of the other domains in order to qualify.

2. There is no way that I can summarize my career in 500 words. What should I do?

Remember that you aren't trying to summarize your career. The CGEIT Certification Board is not looking for volume (of words), but clear and succinct examples of your experience in domain 1 and at least two other domains. Your description needs to help the CGEIT Board reviewers see that you have an understanding of, and experience in, the governance of enterprise IT.

3. What is the best way to summarize my IT governance experience in the narrative?

Explicitly identify the domains in your narrative when you describe your specific experiences in those areas. In other words, start your narrative with "Domain 1: IT Governance Framework", then under that, describe your experience with developing, or being part of the development of, and/or maintenance of an IT governance framework. Then do the same with each of the other domains in which you have experience. This allows you highlight the experience you have in each domain, without including other experience that is less governance related. The CGEIT Certification Board members reviewing the applications have found this approach very helpful. Remember, you want to demonstrate to the CGEIT Certification Board members that you have an understanding of, and experience in, the governance of enterprise IT.

4. My view is that IT governance involves assessing how financial resources are to be spent to maximize a business process. Would you agree?

IT governance is broader than that. If it were only "assessing how financial resources are to be spent to maximize a business process" then good investment management and program/project management is all you would need. The broader view says that IT governance is about the leadership, the organizational structures, and the processes in the organization that, all together, help ensure that the detailed IT work contributes to business goals and objectives. So good project management practices help make sure you meet time, budget and scope requirements, but IT governance processes are about how those projects get selected and how the available resources get split between new projects and sustaining operations; they're about the measurement of expected business outcomes to actuals. It's about how alignment of the entire IT effort with business objectives is ensured.

5. I have been working in assurance or compliance related jobs my entire career. Can I qualify?

You may but you need to have had experience that goes beyond just doing audits or checking compliance. Go through the CGEIT Job Practice. Think of examples from your roles and responsibilities where you participated in work that furthered the purpose/objective of each of the governance domains. Assurance professionals can, and do, make contributions beyond inspection and reporting. If you have, record those specific examples in the application narrative so that the CGEIT Board Certification Board members can see that you have an understanding of, and experience in, enterprise governance of IT.

6. Does my Information Security Governance experience qualify as IT Governance experience?

Very likely, but not automatically. You need to be able to relate that experience to how it contributed to the broader IT governance domains described in the CGEIT Job Practice.

7. As an IT manager, I've had experience with identifying the skill gaps of the people who work for me. Does that qualify as experience in the Resource Management domain?

Probably not, although it may appear so. For example, there is a task statement in the CGEIT Job Practice that says, "Ensure that the requirements for trained resources with the requisite skill sets are understood and are assessed appropriately." You might be doing that within the organization you manage, but at that level it isn't IT governance, it's good management. The CGEIT Job Practice task statements must be considered within the context of the domain description. In this example, the CGEIT Certification Board is looking at this task as it contributes to the development of "systematic and continuous resource planning, management, and evaluation processes" to "ensure that IT has sufficient, competent and capable resources to execute current and future strategic objectives". If your assessment of the skill gaps of your people was part of a broader governance effort, OR if your efforts somehow lead to better enterprise IT resource planning (beyond your group), then the experience would apply.

8. What does a CGEIT “in good standing” mean?

In order to be a CGEIT “in good standing”, the following must be achieved:

  • Certification granted from the corresponding Board, resulting from an approved application
  • Continuing professional education is current and up-to-date
  • All renewal fees/maintenance payments are current
  • Continued compliance with the ISACA’s Code of Professional Ethics

CGEIT Certification :: Exam Registration & Administration
Exam Content :: Certification Requirements

Exam Registration & Administration

  1. When will I receive my June 2010 exam results?
  2. What is the date of the next CGEIT exam?
  3. When does registration begin for the next exam?
  4. What is the registration deadline for the next exam and what are the fees?
  5. Can I take the CISA, CISM and CGEIT exams on the same day?
  6. Can I change my exam site or language?
  7. Can I defer my exam?
  8. How do I provide comments on testing conditions?
  9. Where can I find CISA/CISM/CGEIT applications for certification?
  10. What are the requirements for CISA/CISM/CGEIT certification?
  11. How is the exam scored?

1. When will I receive my June 2010 exam results?

Results for the for the June 2010 exam were released via email on 12 August 2010 to those candidates who elected to receive the email notification option and have no outstanding balances for the exam. The hard copy result letters will be sent within the week via the post. Please allow for adequate delivery time to your mailing location. To ensure the confidentiality of scores, exam results will not be reported by telephone, fax or email other than the one-time notification email.

2. What is the date of the next CGEIT exam?

The next exam will be administered on 11 December 2010 unless otherwise specified at www.isaca.org/examlocations.

3. When does registration begin for the next exam?

Registration for the 11 December 2010 exam is currently open. You can register for the exam at www.isaca.org/examreg.

4. What is the registration deadline of the next exam and what are the fees?

Early registration deadline:  27 August 2010
Final registration deadline:   6 October 2010
Please visit www.isaca.org/cgeitboi for more details, including fees. Candidates can save US $50 on the exam registration fee by registering online.

5. Can I take the CISM, CISA and CGEIT exams on the same day?

The CISM, CISA and CGEIT exams are given simultaneously in a four-hour time frame.  It is not possible to take multiple exams on the same day.

6. Can I change my exam site or language?

Yes, changes to the exam site, language, exam type or name changes are permitted until 15 October 2010**.  Exam registration changes are subject to the following charges:

On or before 8 October…………………………no charge
9 October through 15 October……………………..$50

No exam registration changes will be granted after 15 October 2010.

**Please note that all deadlines are based on Chicago, Illinois, USA 5 p.m. Central Time.  

For name, exam site, language or exam type changes, please send an email to exam@isaca.org. These changes do not include deferrals.

7. Can I defer my exam?

Candidates unable to take the exam can request a deferral of their registration fees to the next exam date. To learn more about deferring your exam, including deferral deadlines and costs, please visit www.isaca.org/examdefer.

8.  How do I provide comments on testing conditions?

Candidates wishing to comment on the test administration conditions may do so at the conclusion of the testing session by completing the “Test Administration Questionnaire.” The Test Administration Questionnaire is presented at the back of the examination booklet and your questionnaire answers should be entered in boxes P through S of the Special Codes section (Grid No. 4) on the front of your Answer Sheet.

Candidates who wish to address any additional comments or concerns about the examination administration should contact ISACA international head-quarters by letter or by e-mail (exam@isaca.org). These comments or concerns should be received by ISACA within 2 weeks after the examination date. Candidates who wish to comment on the contents of the examination may do so by mailing their comments to the Professional Examination Service. However, only those comments received by The  Professional Examination Service during the first 2 weeks after the exam administration  will be considered in the final scoring process of the examination. You may obtain the address of the Professional Examination Service from the Proctor after you complete the  examination.

9. Where can I find CISA/CISM/CGEIT applications for certification?

CISA applications are located at www.isaca.org/cisaapp.
CISM applications are located at www.isaca.org/cismapp.
CGEIT applications are located at www.isaca.org/cgeitapp.

10. What are the requirements for CISA/CISM/CGEIT certification?

CISA requirements for certification are available at www.isaca.org/cisarequirements.

CISM requirements for certification are available at www.isaca.org/cismrequirements.

CGEIT requirements for certification are available at www.isaca.org/cgeitrequirements.

11. How is the exam scored?

ISACA uses a 200-800 point scale with 450 as the passing mark for the exams.  A scaled score is a conversion of the raw score on an exam to a common scale.  It is important to note that the exam score is not based on an arithmetic or percent average. For example, the scaled score of 800 represents a perfect score with all 200 questions answered correctly; a scaled score of 200 is the lowest score possible and signifies that only a small number of questions were answered correctly.

A candidate must receive a scaled score of 450 or higher to pass the exam. A score of 450 represents a minimum consistent standard of knowledge as established for the exam by the respective ISACA Certification Committee. The passing score of 450 represents the minimum number of questions that must be answered correctly by the candidate in order to demonstrate practical application of the job task and knowledge statements. A candidate receiving a passing score may then apply for certification if all other requirements are met.

 

CGEIT Certification :: Application Processing :: Exam Content :: Certification Requirements

Exam Content

  1. How long is the exam?
  2. What does the CGEIT exam cover?
  3. What is the CGEIT job practice and how was it developed?

1. How long is the exam?

A candidate is given 4 hours to complete the exam.

2. What does the CGEIT exam cover?

The CGEIT exam will cover (6) IT governance domains, each of which is further defined and detailed through task and knowledge statements. The governance areas, or domains, include: IT Governance Framework, Strategic Alignment, Value Delivery, Risk Management, Resource Management, and Performance Measurement. For specific details, please go to Job Practice Areas.

3. What is the CGEIT job practice and how was it developed?

ISACA's philosophy toward certification is to measure the individuals' ability and knowledge as it pertains to the performance of their job. The job practice serves as the basis for the exam and the experience requirements to earn the CGEIT certification. This job practice consists of task and knowledge statements, organized by domains. These statements and domains were based on feedback from IT governance subject matter experts from around the world. Numerous reference sources were also utilized including research conducted by the IT Governance Institute and COBIT 4.1.

View the detailed CGEIT job practice areas.

CGEIT Certification :: Application Processing
Exam Registration & Administration :: Certification Requirements

Certification Requirements

  1. What do I need to do if I've received a revocation notice?
  2. Where can I find the CGEIT application for certification?
  3. What are the qualifications to earn the CGEIT credential?
  4. What does the CGEIT continuing professional education program require?
  5. How can I earn CPE credits online?
  6. How do I submit my annual continuing profession education (CPE) hours to ISACA?
  7. What does a CGEIT “in good standing” mean?
  8. Do I need to submit documentation for my 2009 CPE hours?
  9. I was selected for an audit of my 2009 CPE hours and have provided the documentation. When will I receive a confirmation?

1. What do I need to do if I've received a revocation notice?

If you have received a revocation notice, please contact certification@isaca.org.

2. Where can I find the CGEIT application for certification?

There are three ways to obtain the CGEIT application:

  Online Application Form

  Download application (450K)

  Request an application (sent in postal mail)

3. What are the qualifications to earn the CGEIT credential?

Qualifying for CGEIT requires a combination of four "e's": experience, ethics, education and exam. Specifically, the requirements are:

  • Earn a passing score on the CGEIT exam
  • Adhere to the ISACA Code of Professional Ethics
  • Commit to abide by the CGEIT Continuing Professional Education Policy
  • A minimum of five years of experience managing, serving in an advisory or oversight role, and/or otherwise supporting the governance of the IT-related contribution to an enterprise is required to apply for certification. This experience is defined specifically by the domains and task statements described in the CGEIT Job Practice. Some substitutions and waivers of such experience are available.

CGEIT Requirements >>

 

4. What does the CGEIT continuing professional education program require?

In order to become and remain a CGEIT an individual must agree to comply with the CGEIT continuing professional education program. This program requires an individual to earn a minimum of twenty (20) hours annually and one hundred twenty (120) hours every three years of continuing professional education. In addition, an annual maintenance fee of US $40 ISACA member and US $80 non-member is required.

  Download CGEIT CPE Policy

 

5. How can I earn CPE credits online?

ISACA members can earn CPE hours by taking and passing an ISACA Journal CPE Quiz online. One CPE hour is awarded per quiz. ISACA members may also earn CPEs online by participating in e-symposia. The e-symposia are offered live each month or may be accessed on demand via the archives. For more information, please go to webcasts. In order to claim the CPE hours (generally 3 hours per e-symposia), a passing score must be earned on the quiz.

6. How do I submit my annual continuing profession education (CPE) hours to ISACA?

CPE hours are reported annually during the renewal process which begins in October/November of each year. At renewal time, you will be asked to report the total number of CPE hours that you earn during the cycle year. Please keep track of the activities you take and retain the supporting documentation so that you are able to properly report your hours. You will be sent an email notification when the renewal process opens each year. At that time, you can go to our web site and pay your annual dues and report your CPE hours at www.isaca.org/renew. Alternatively, you can wait until we send you the hard copy annual invoice and use that as the mechanism to make your payment and report your CPE hours.

7. What does a CGEIT “in good standing” mean?

In order to be a CGEIT “in good standing”, the following must be achieved:

  • Certification granted from the corresponding Board, resulting from an approved application
  • Continuing professional education is current and up-to-date
  • All renewal fees/maintenance payments are current
  • Continued compliance with the ISACA’s Code of Professional Ethics

8. Do I need to submit documentation for my 2009 CPE hours?

CPE hours are entered into your profile annually during renewal time. Documentation of CPE hours does not need to be provided to ISACA unless you are selected for an audit of your CPE hours.

9. I was selected for an audit of my 2009 CPE hours and have provided the documentation. When will I receive a confirmation?

If any additional information is required or there are questions regarding your documentation, we will contact you directly via email. Once your audit documentation has been reviewed and approved, a notice will be sent to you via the post. If you have not been contacted or received notification of compliance from the certification department please contact us at CGEITaudit@isaca.org.

CGEIT Certification :: Application Processing
Exam Registration & Administration :: Exam Content