CGEIT certification exam: overview of domains [Updated 2021]

February 22, 2021 by Dan Virgillito


When it comes to IT governance, organizations hope to find professionals who can help ensure their operations adhere to specific industry regulations and standards. While senior IT personnel like CTOs (chief technology officers) and CIOs (chief information officers) are responsible for devising strategies to ensure the use of IT conforms to compliance and security constraints, experience and domain knowledge are critical factors. Therefore, those who aim to gain competency in the area can benefit from an ad hoc certification like CGEIT.

Effective since December 2008, the CGEIT or Certified in the Governance of Enterprise IT certification acknowledges an individual’s proficiency in enterprise IT governance strategies and principles. The cert also addresses critical knowledge areas relating to enterprise governance responsibilities of the senior management. The ISACA, also known as the Information Systems Audit and Control Association, currently conducts the exam for CGEIT certification. 


2020 CGEIT domain overview

Previously, the CGEIT exam covered five domain areas designed to reflect a candidate’s knowledge of new trends and emerging technologies. The 2020 CGEIT exam content outline, however, eliminates the domain “strategic management” from the evaluation criteria, as strategy and management are encompassed throughout the other domains in the new outline. This means that the exam now has four domains instead of five. The new CGEIT exam outline also includes corresponding content areas and sub-topic areas with supporting task statements for each domain.

This section offers a brief overview of each of the four CGEIT exam domains to help you start your preparation on the right foot. The domains for the 2020 CGEIT are as follows:

Domain 1 – Governance of Enterprise IT (40% of exam)

This domain analyzes a candidate’s understanding of the enterprise governance framework regarding COBIT, ISO, ITIL and other best practices. This also includes ensuring it aligns with the corporation’s mission statement while accounting for internal and external requirements (like compliance to regulations). It also covers the assignment of responsibilities and a range of techniques related to a company’s information management processes. 

Exam questions for this domain may test a candidate’s knowledge of the information asset lifecycle, information handling and classification, and information stewardship and ownership, in addition to testing their competencies in the implementation and optimization of IT-enabled enterprise investments.

Domain 2 – IT Resources (15% of exam)

The second CGEIT exam domain covers the planning and optimization of IT resources, including sourcing and acquisition strategies, capacity planning, asset management and human resource development. Candidates might be required to ensure the right processes are in place to recognize, acquire and maintain IT capabilities (e.g., services, applications and infrastructure, information and people). 

In terms of IT resource optimization, the exam might test candidates’ competency in IT resource management, data management and data governance, and service-level agreements (SLAs). Plus, supporting task statements could require the individuals to meet the expectations of contracted service providers, requiring knowledge of the shared information view.

Domain 3 – Benefits Realization (26% of exam)

This domain covers the KPIs (key performance indicators) that indicate that the investments made to improve the IT infrastructure will yield benefits to the enterprise. Passing exam questions related to this area requires knowledge of benefit calculation methods, continuous improvement principles, and how to monitor and measure the ROI of IT-enabled investments. Learning about improvement initiatives that are critical to ensuring that IT objectives reach their target is also crucial.

Most of these initiatives are relevant to the IT life cycle’s last stage and include the following steps: Plan, Do, Act and Check. Additionally, the Benefits Realization domain may test candidates on business case development, techniques and processes for strategy, and the creation, transition, implementation and support of IT services and offerings. 

Domain 4 – Risk Optimization (19% of exam)

The last CGEIT exam domain assesses a candidate’s ability to recognize that an applicable framework illustrates good governance. Additionally, the IT management framework should be the one that helps identify, analyze, monitor, manage, communicate and mitigate IT-relevant business risk. 

Candidates should have knowledge of BCP (business continuity planning), DRP (disaster recovery planning) and establishing KRIs (key risk indicators) relating to both risk appetite and risk management, as well as mitigation and tolerance. Lastly, risk optimization requires that the framework is in alignment with an ERM (enterprise risk management) framework. 

Various risk management standards and frameworks can apply, including ISO 31000, COSO ERM and Risk IT. 



This article provided an insight into the four 2020 CGEIT exam certification domains. Preparing for these domains efficiently will keep candidates from feeling uncertain when it comes time to take the exam. Learning from CGEIT-approved material, which students can access from ISACA’s CGEIT Train and Prepare webpage, is a critical step in the journey to becoming CGEIT-certified.





Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.