menu image
AssuranceSecurityGovernanceMembers & LeadersProfessionals & PractitionersStudents & EducatorsExhibitors & Advertisers
menu shadow
Overview & History
What's New
Certification
Education & Conferences
Standards
Research
Publications
Chapters
Membership
Bookstore
Downloads
COBIT
Risk IT
Career Centre
spacer image
Print this page
spacer image

Home

CGEIT Logo

CGEIT Frequently Asked Questions (FAQ)

CGEIT Certification :: Application Processing
Exam Registration & Administration :: Exam Content

CGEIT Certification

  1. Why does ISACA offer an IT governance certification?
  2. Who is the CGEIT certification intended for?
  3. Do CISAs and CISMs qualify for CGEIT?

1. Why does ISACA offer an IT governance certification?

Boards and executive management have long understood the need for enterprise and corporate governance. As information technology (IT) has become more important to the achievement of enterprise goals and delivery of benefits, there has been an increasing realization that governance must be extended to IT as well. IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives. ISACA recognized this shift in emphasis in 1998, and formed the IT Governance Institute (ITGI) to focus on original research, publications, resources and symposia on IT governance and related topics. To support and promote this significant body of work, ISACA and the ITGI are proud to offer a certification program for professionals charged with satisfying the IT governance needs of an enterprise.

2. Who is the CGEIT certification intended for?

The CGEIT certification is intended to recognize a wide range of professionals for their knowledge and application of IT governance principles and practices. It is designed for professionals who have a significant management, advisory and/or assurance responsibilities relating to the governance of enterprise IT. Among them are:

  • Chief Executive Officer (CEO)/President
  • Chief Information Officer (CIO)
  • Chief Technology Officer (CTO)
  • Chief Audit Executive (CAE)/Partner/Principal
  • Chief Information Risk Strategist
  • Chief Information Security Officer (CISO)
  • Chief Security Officer (CSO)
  • IT Governance Director/Manager
  • IS/IT Director/Manager
  • IS/IT Consultant
  • IS/IT Audit Director/Manager
  • IS/IT Security Director/Manager
  • IS/IT Compliance Director/Manager
  • Project Manager
  • Business Manager
  • General Manager

3. Do CISAs and CISMs qualify for CGEIT?

The CGEIT certification program recognizes the IT governance components of the CISA and CISM credentials and as such, both certifications can be used as 1-year experience waiver towards the requirements for the CGEIT certification. To see educational and experience waivers for CGEIT, go to www.isaca.org/cgeitrequirements.

Application Processing :: Exam Registration & Administration :: Exam Content

CGEIT Application Processing

  1. I think I am qualified, but not sure. Any suggestions?
  2. There is no way that I can summarize my career in 500 words. What should I do?
  3. What is the best way to summarize my IT governance experience in the narrative?
  4. My view is that IT governance involves assessing how financial resources are to be spent to maximize a business process. Would you agree?
  5. I have been working in assurance or compliance related jobs my entire career. Can I qualify?
  6. Does my Information Security Governance experience qualify as IT Governance experience?
  7. As an IT manager, I've had experience with identifying the skill gaps of the people who work for me. Does that qualify as experience in the Resource Management domain?
  8. What does a CGEIT “in good standing” mean?

1. I think I am qualified, but not sure. Any suggestions?

First, re-read the CGEIT Job Practice. While going through it one domain at a time, write down specific examples from your work experience that demonstrate your participation in that area of governance of enterprise IT. Keep in mind that just having experience with business systems or IT or audit or security, doesn't necessarily mean you are qualified. You must be able to relate that experience to IT governance. Also, you must have experience in domain 1 and at least 2 of the other domains in order to qualify.

2. There is no way that I can summarize my career in 500 words. What should I do?

Remember that you aren't trying to summarize your career. The CGEIT Certification Board is not looking for volume (of words), but clear and succinct examples of your experience in domain 1 and at least two other domains. Your description needs to help the CGEIT Board reviewers see that you have an understanding of, and experience in, the governance of enterprise IT.

3. What is the best way to summarize my IT governance experience in the narrative?

Explicitly identify the domains in your narrative when you describe your specific experiences in those areas. In other words, start your narrative with "Domain 1: IT Governance Framework", then under that, describe your experience with developing, or being part of the development of, and/or maintenance of an IT governance framework. Then do the same with each of the other domains in which you have experience. This allows you highlight the experience you have in each domain, without including other experience that is less governance related. The CGEIT Certification Board members reviewing the applications have found this approach very helpful. Remember, you want to demonstrate to the CGEIT Certification Board members that you have an understanding of, and experience in, the governance of enterprise IT.

4. My view is that IT governance involves assessing how financial resources are to be spent to maximize a business process. Would you agree?

IT governance is broader than that. If it were only "assessing how financial resources are to be spent to maximize a business process" then good investment management and program/project management is all you would need. The broader view says that IT governance is about the leadership, the organizational structures, and the processes in the organization that, all together, help ensure that the detailed IT work contributes to business goals and objectives. So good project management practices help make sure you meet time, budget and scope requirements, but IT governance processes are about how those projects get selected and how the available resources get split between new projects and sustaining operations; they're about the measurement of expected business outcomes to actuals. It's about how alignment of the entire IT effort with business objectives is ensured.

5. I have been working in assurance or compliance related jobs my entire career. Can I qualify?

You may but you need to have had experience that goes beyond just doing audits or checking compliance. Go through the CGEIT Job Practice. Think of examples from your roles and responsibilities where you participated in work that furthered the purpose/objective of each of the governance domains. Assurance professionals can, and do, make contributions beyond inspection and reporting. If you have, record those specific examples in the application narrative so that the CGEIT Board Certification Board members can see that you have an understanding of, and experience in, enterprise governance of IT.

6. Does my Information Security Governance experience qualify as IT Governance experience?

Very likely, but not automatically. You need to be able to relate that experience to how it contributed to the broader IT governance domains described in the CGEIT Job Practice.

7. As an IT manager, I've had experience with identifying the skill gaps of the people who work for me. Does that qualify as experience in the Resource Management domain?

Probably not, although it may appear so. For example, there is a task statement in the CGEIT Job Practice that says, "Ensure that the requirements for trained resources with the requisite skill sets are understood and are assessed appropriately." You might be doing that within the organization you manage, but at that level it isn't IT governance, it's good management. The CGEIT Job Practice task statements must be considered within the context of the domain description. In this example, the CGEIT Certification Board is looking at this task as it contributes to the development of "systematic and continuous resource planning, management, and evaluation processes" to "ensure that IT has sufficient, competent and capable resources to execute current and future strategic objectives". If your assessment of the skill gaps of your people was part of a broader governance effort, OR if your efforts somehow lead to better enterprise IT resource planning (beyond your group), then the experience would apply.

8. What does a CGEIT “in good standing” mean?

In order to be a CGEIT “in good standing”, the following must be achieved:

  • Certification granted from the corresponding Board, resulting from an approved application
  • Continuing professional education is current and up-to-date
  • All renewal fees/maintenance payments are current
  • Continued compliance with the ISACA’s Code of Professional Ethics

CGEIT Certification :: Exam Registration & Administration :: Exam Content

Exam Registration & Administration

  1. When will I receive my admission ticket for the June 2009 exam?
  2. What is the exact location of the test site for my June 2009 exam?
  3. What time should I arrive at the exam site?
  4. Can I still defer my June 2009 exam?
  5. What should I bring to the exam?
  6. What is the next exam date?
  7. When will registration open for the 12 December 2009 exam?

1. When will I receive my admission ticket for the June 2009 exam?

Electronic exam admission e-tickets have been released to paid candidates via email on 30 April 2009 to the email address listed in your profile. Please check your inbox as well as spam filters for your e-Ticket.

The hard copy admission tickets have been released to the preferred mailing address in your profile. Candidates can use either a print out of the e-Ticket or the hard copy admission ticket for entry into the exam. Again, only one exam ticket is needed for entry.

If you have not received an exam admission ticket by 1 June 2009 please contact exam@isaca.org immediately. Please put “Exam Admission Ticket” in the subject line.

2. What is the exact location of the test site for my June 2009 exam?

The exam details, including the exact exam location, are listed on your exam admission ticket. To ensure that you arrive in plenty of time for the exam, we recommend that you become familiar with the exact location and the best travel route to your exam site prior to the date of the exam. Test center phone numbers and web site references have been provided (when available) to assist you in obtaining directions to the facility.

3. What time should I arrive at the exam site?

Your arrival time is listed on your exam ticket. Please check your admission ticket for the exam time for your exam location as time can vary by site.

NO CANDIDATE WILL BE ADMITTED TO THE TEST CENTER ONCE THE CHIEF EXAMINER BEGINS READING THE ORAL INSTRUCTIONS. Any candidate who arrives after the oral instructions have begun will not be allowed to sit for the exam and will forfeit their registration fee.

4. Can I still defer my June 2009 exam?

Candidates unable to take the exam can request a deferral of their registration fees to the next exam date. From 25 April 2009 through 28 May 2009, a processing fee of US $100 will be charged. Deferral requests will not be accepted after 28 May 2009. To request a deferral, please go to www.isaca.org/examdefer to complete the process. The exam and deferral fees are nonrefundable. Please note: Deferral requests will not be processed until deferral fees have been paid in full. Payment is due in full by 13 June 2009. All deadlines are based upon Chicago, Illinois USA, 5 p.m. CT (central time).

5. What should I bring to the exam?

In addition to your admission ticket, bring several sharpened No. 2 or HB pencils, an eraser, and an acceptable form of photo identification such as a driver’s license, passport or government ID. This ID must be a current and original government issued identification that contains both your name as it appears on the admission ticket and your photograph. Any candidate who does not provide an acceptable form of identification will not be allowed to sit for the exam and will forfeit their registration fee. Please visit www.isaca.org/cgeitbelongings for a list of items which are permitted and are not permitted in the exam site.

6. What is the next exam date?

The next exam date is 12 December 2009.

7. When will registration open for the 12 December 2009 exam?

Registration is currently open for the 12 December 2009 exam. You can register for the 12 December 2009 exam at www.isaca.org/cgeitreg.

CGEIT Certification :: Application Processing :: Exam Content

Exam Content

  1. How long is the exam?
  2. What does the CGEIT exam cover?
  3. What is the CGEIT job practice and how was it developed?

1. How long is the exam?

A candidate is given 4 hours to complete the exam.

2. What does the CGEIT exam cover?

The CGEIT exam will cover (6) IT governance domains, each of which is further defined and detailed through task and knowledge statements. The governance areas, or domains, include: IT Governance Framework, Strategic Alignment, Value Delivery, Risk Management, Resource Management, and Performance Measurement. For specific details, please go to www.isaca.org/cgeitjobpractice.

3. What is the CGEIT job practice and how was it developed?

ISACA's philosophy toward certification is to measure the individuals' ability and knowledge as it pertains to the performance of their job. The job practice serves as the basis for the exam and the experience requirements to earn the CGEIT certification. This job practice consists of task and knowledge statements, organized by domains. These statements and domains were based on feedback from IT governance subject matter experts from around the world. Numerous reference sources were also utilized including research conducted by the IT Governance Institute and COBIT 4.1.

The detailed CGEIT job practice areas can be viewed at www.isaca.org/cgeitjobpractice.

CGEIT Certification :: Application Processing
Exam Registration & Administration


nav menu image
spacer image
Assurance | Security | Governance
Members & Leaders | Professionals & Practitioners | Students & Educators | Exhibitors & Advertisers
Info Request | Join | Bookstore | My ISACA | About ISACA
Home | Site Map | Shopping Cart | Logout | Contact Us
spacer image
menu shadow

Terms Of Use | Privacy Policy | IP Guidelines
© 2009 ISACA All rights reserved.
3701 Algonquin Road, Suite 1010, Rolling Meadows, Illinois 60008 USA