CGEIT certification exam Domain 2: IT Resources [Updated 2021]

Greg Belding
April 1, 2021 by
Greg Belding


The Certified in Governance of Enterprise IT, or CGEIT, is an IT governance certification offered by ISACA. Comparing the 2020 CGEIT syllabus to the 2013 syllabus, you will notice that the exam has changed. One of the most apparent changes lies within the CGEIT domains of knowledge, where what was formerly Domain 5 is now Domain 2. With a change like this, what else could be different? 

Don’t worry! This article will explore Domain 2: IT resources and will detail what has changed in the exam. We’ll also look at the subtopics it contains, IT resource planning and IT resource management, and their corresponding secondary tasks. 

Earn your CGEIT certification, guaranteed!

Earn your CGEIT certification, guaranteed!

Enroll in a CGEIT Boot Camp and earn one of the most respected certifications — guaranteed.

Who is CGEIT for?

CGEIT is a certification for information security professionals in enterprise IT that want to distinguish their governance of enterprise IT knowledge and skills from the pack. More simply, this certification is for those that want to bring enterprise IT governance into an organization.

Recent changes to CGEIT

Several changes to the CGEIT certification exam have kicked in, starting in July 2020. These changes are:

  • CGEIT has shifted its focus from task statements to topic/knowledge areas (or sub-topics) in the outline of exam specifications. The new exam outline contains secondary task statements/activities in each of the four domains of knowledge that allows the candidate to apply the knowledge.
  • The sub-topics provide better organized knowledge and task statements in the domains.
  • What was formerly Domain 5 in the 2013 job practice is now Domain 2, under the new name of IT resources.
  • The domain called “strategic management” did not make it to the CGEIT exam outline (job practice). Instead, this domain has been spread throughout the other domains.
  • The knowledge statements have been rewritten throughout. This is to account for current technology, and some have been combined to avoid redundancies.
  • These changes are intended to enhance the exam preparation experience and the changes provide for a better context in which to apply the knowledge.

CGEIT: Revised

The biggest change to CGEIT is the addition of sub-topics to the exam domains. Below are the two sub-topics (or content areas) of Domain 2: IT resources, which will be the main signposts for the rest of this article:

  • IT resource planning
  • IT resource optimization

With that said, please note that this domain’s respective weight of exam content is 15%, which is the same as its corresponding domain in the 2013 job practice. 

IT resource planning

Acquisition and management of enterprise IT resources is an integral component of an IT governance system and vital for an enterprise to meet both its IT and business objectives. IT governance systems, at the heart of it, are designed to generate value from technology and information as well as to satisfy the needs of the organization’s stakeholder. Most organizations are faced with IT resource limitations, which makes their planning essential to receiving the greatest benefit and value from IT resource investment making effective management of IT resources paramount. 

Effective IT resource management requires the secondary tasks listed below.

Sourcing strategies

CGEIT candidates will be responsible for the following sourcing strategies or models:

  • Outsourced
  • Cloud
  • Insourced
  • Hybrid

Resource capacity planning

Determining the resources necessary to satisfy business needs both current and in the future. The first step for many enterprises is carrying out a resource gap analysis to determine shortcomings and if any resources need to be acquired. Below are the types of resource management this secondary task covers:

  • Availability management
  • Capacity management

Acquisition of resources

Acquisition of resources requires the following strategic choices to be made:

  • IT demand and supply
  • Human capital
  • Hardware and software acquisition process
  • Resource acquisition and outsourcing

IT resource optimization

IT resource optimization includes the efficient, effective and responsible use of all resources including human, equipment, financial, facilities and so on.

IT resource life cycle and asset management

This secondary task requires you to consider:

  • Outsourcing life cycle model
  • Asset management practices and activities
    • Identify and record current assets
    • Manage critical assets
    • Manage the asset life cycle
    • Optimize asset value

Human resource competency assessment and development

This area covers:

  • The objective of human resource management
  • Human resource management and IT personnel
  • Human resource management process practices and activities
    • Acquire and maintain adequate and appropriate staffing
    • Identify key IT personnel
    • Maintain the skills and competencies of personnel
    • Assess and recognize/reward employee job performance
    • Plan and track the usage of IT and business human resources

Management of contracted services and relationships

  • Outsourcing responsibilities
  • Outsourcing stakeholders
  • Vendor management
  • Contract provisions
  • Service-level management
  • Third-party service delivery management

Earn your CGEIT certification, guaranteed!

Earn your CGEIT certification, guaranteed!

Enroll in a CGEIT Boot Camp and earn one of the most respected certifications — guaranteed.


The Certified in Governance of Enterprise IT, or CGEIT, is an enterprise IT governance certification intended for those that want to bring enterprise IT governance into an organization. 

The certification exam has undergone a facelift of sorts to update the exam material with the latest technology, a restructuring of the focus of the exam from task and knowledge statements to topic/knowledge areas, and a shift from IT governance to information governance and big data. Specific to Domain 2, you will notice that it lines up with what was formerly Domain 5. 

Change is a constant in life — take these changes in stride and use this article to help you master Domain 2 of the CGEIT certification exam.



What are the major changes to the CGEIT job practice in 2020?, ISACA Support

CGEIT Exam Content Outline, ISACA

ISACA, “CGEIT Review Manual, 8th Edition,” 2020 

Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.