CGEIT certification: Overview and career path [updated 2021]

March 24, 2021 by Daniel Brecht

A cert that targets enterprise leadership

The importance of IT governance for a company is impossible to ignore. Its goal is to ensure that the IT infrastructure matches and supports the business goals of an organization in an effective way. From optimizing resources to developing strategies and prioritizing initiatives, an expert in governance strives to deliver plans and policies to ensure that use of IT meets both strategic and operational business objectives and adherence to compliance/regulatory and security constraints.

IT governance is often under the umbrella of senior personnel like chief information officers (CIO) or chief technology officers (CTO) and their teams. Experience is an important factor; those who follow such a career path can benefit from an ad hoc certification that can further prove their competency in the role. 

“As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization—that you grasp the complex subject holistically, and therefore, enhance value to the enterprise,” writes ISACA, an independent association founded to serve as a centralized source of information and guidance in the field of auditing controls for computer systems.

Earn your CGEIT certification, guaranteed!

Enroll in a CGEIT Boot Camp and earn one of the most respected certifications — guaranteed.

What is the CGEIT certification?

Introduced in 2007 and effective since December 2008, ISACA’s Certified in the Governance of Enterprise IT (CGEIT) credential tests an individual’s knowledge and application of enterprise IT governance principles and practices. Lately, a new job practice was released in order to account for new technologies and developments in the field of data privacy and governance laws, focusing on information governance and big data.

According to ISACA, there are three major changes for the 2020 CGEIT Job practice:

  • A complete format change with exam specifications that are no longer focused on task statements but on topic/knowledge areas. The new outline does contain, however, a list of secondary task statements and activities that apply the relevant knowledge from each of the four domain content areas.
  • Many new topic areas were added to make the exam more relevant to IT governance professionals with at least five years of experience.
  • The certification now includes four domains instead of five, with the elimination of the Domain “Strategic Management.” The topic of strategy and strategic management has been included in all four domains of the new content outline.

There are also a number of other changes that have been implemented: from the introduction of subdomains to better organize task and knowledge statements within the broader domains to a review of knowledge statements to make sure they represent current technology and to avoid any redundancies.

The aim of the new CGEIT Job Practice, or exam content outline, is to ensure the certification aligns with the knowledge professionals in the field are expected to have, and to enhance the preparation experience of exam candidates.

The domains of the 2020 CGEIT certification

This certification addresses key knowledge areas related to the governance of enterprise IT responsibilities of the board or senior management. There are four domains on which test takers will be examined.

Domain 1: Governance of Enterprise IT (40%)

  • Governance framework
    • Components of a governance framework
    • Organizational structures, roles and responsibilities
    • Strategy development
    • Legal and regulatory compliance
    • Organizational culture
    • Business ethics
  • Technology governance
    • Governance strategy alignment with enterprise objectives
    • Strategic planning process
    • Stakeholder analysis and engagement
    • Communication and awareness strategy
    • Enterprise architecture
    • Policies and standards
  • Information governance
    • Information architecture
    • Information asset life cycle
    • Information ownership and stewardship
    • Information classification and handling

Domain 2: IT Resources (15%)

  • IT resource planning
    • Sourcing strategies
    • Resource capacity planning
    • Acquisition of resources
  • IT resource optimization
    • IT resource life cycle and asset management
    • Human resource competency assessment and development
    • Management of contracted services and relationships

Domain 3: Benefits Realization (26%)

  • IT performance and oversight
    • Performance management
    • Change management
    • Governance monitoring
    • Governance reporting
    • Quality assurance
    • Process development and improvement
  • Management of IT-enabled investments
    • Business case development and evaluation
    • IT investment management and reporting
    • Performance metrics
    • Benefit evaluation methods

Domain 4: Risk Optimization (19%)

  • Risk strategy
    • Risk frameworks and standards
    • Enterprise risk management
    • Risk appetite and risk tolerance
  • Risk management
    • IT-enabled capabilities, processes and services
    • Business risk, exposures and threats
    • Risk management life cycle
    • Risk assessment methods

These CGEIT job practice domains serve as the basis for the exam and outline the required knowledge to earn the certification. They effectively cover the basic guidelines that a professional needs to follow when assuming a role in IT governance. The job practice areas were identified and developed with the help of subject-matter experts around the world who were able to identify the main issues and staples of their everyday tasks as well as the knowledge required to excel in the field.

The test consists of 150 multiple-choice, experience-based questions, and professionals have four hours to complete it. The passing score is 450 on a point scale that goes from 200 to 800. Effective 2017, the CGEIT exam has been offered via a computer-based testing (CBT) session for the price of $575 (ISACA member)/$760 (ISACA non-member), to be taken only at approved testing centers found globally during three testing windows of four-month durations.

Check for a listing of the exam sites. Registered candidates (which you can do by going to for the CGEIT exam are eligible to schedule their testing appointments and can do so by logging in to their profile at

Who should earn the CGEIT?

The CGEIT designation is a globally accepted certification to recognize professionals who have governance-related experience and knowledge. ISACA has developed the CGEIT qualification to suit professionals serving in management, advisory or assurance roles who are able to show an adequate level of current knowledge and proficiency in the field.

The target audience includes:

  • IT directors
  • Audit directors
  • CIOs
  • CISOs
  • CEOs
  • Compliance and information security professionals
  • IT assurance professionals
  • Senior IT managers
  • Organizational strategic managers
  • Manager — governance, risk and compliance

Is the CGEIT certification worth the effort?

Passing the test is not enough. To be CGEIT-certified requires a combination of practice and familiarity with the areas covered by the exam. Candidates who pass the test will be certified only after demonstrating five or more years of experience managing and supporting IT governance or serving in an advisory or oversight role. A minimum of one year has to be related to establishing and managing a framework for the governance of IT. These are firm requirements and no waivers are allowed.

Once certification is acquired, it is still not over. CGEIT holders are required to keep up to date by obtaining and reporting to ISACA a minimum of 20 CPE hours a year and 120 CPE credits over the course of three years. The Continuing Professional Education (CPE) credits need to be acquired in IT governance-related tasks.

CGEIT is one of the top governance, risk and compliance (GRC) certifications and can give IT governance professionals an edge in their future career endeavors, progression or advancement. The certification can increase the holders’ market value by providing proof of competence and expertise in the sector.

According to PayScale, the average salary of professionals with a CGEIT credential is USD $133,256, making it one of the most remunerative certifications in IT. Therefore, all the hard work will definitely be worth it. What’s more, the CGEIT is well-respected by most organizations. It’s become increasingly important for executives within an organization to be certified in order to reach positions like CIO and CTO.

What is the best way to train and study for the CGEIT?

Part of the official ISACA study materials are textbooks, such as the “CGEIT Review Manual, 8th Edition” and the “CGEIT Review Questions, Answers and Explanations Manual, 5th Edition,” which are up-to-date study resources for the current CGEIT exam.

Alternatively, there’s a 2-3 day preparation course online run by the ISACA Central UK Chapter that ends on Dec 18th, 2020. In addition, there’s a review course (in Italian) by the ISACA Venice Chapter that ends on Oct 30th, 2020, as well as a “Live Global Webinar” by the ISACA New York Metropolitan Chapter that ends on Oct 31st, 2020. Attendees can earn 14 CPE credits.


IT governance is quickly becoming one of the most important elements, especially for larger organizations, in establishing structure with roles and responsibilities. A CGEIT certification may secure you a role as a trusted advisor to your enterprise with the responsibility of providing a wider view into IT governance, risk management and compliance (e.g., CCPA or GDPR).

So, what benefit does the CGEIT cert have?

“Unlike other certifications that focus on technical skills in specific domains, CGEIT focuses on the big picture,” says Nader Qaimari, ISACA Chief Learning Officer. “This certification helps IT professionals understand overarching business goals, proactively plan and optimize resources, and adjust to new regulations and mandates with minimal interruption in operations, providing great value to the C-suite, including during times of crisis like we are experiencing now.”

With ISACA’s rigorous certification and recertification requirements geared towards acquired experience and keeping up to date with all the latest developments, the CGEIT certification is among the must-have senior-level certifications for professionals who are pursuing higher positions in the field and aspire to a pivotal role in improving corporate governance practices.

Ready to be certified? Register online anytime to schedule and take the CGEIT certification exam, which can now be taken via online remote proctoring or at an in-person testing center.


Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.