CGEIT Domain 5: Resource Optimization [DECOMMISSIONED ARTICLE]

Fakhar Imam
May 26, 2018 by
Fakhar Imam

NOTE: This article is based on an old version of the CGEIT exam, and should not be consulted for information on the current exam.

Please consult the article CGEIT Certification: Overview and Career Path for the most recent information on this topic.




Resource optimization is the fifth (5) and last domain of ISACA’s Certified in the Governance of Enterprise IT (CGEIT) exam. This domain covers 15% of the overall objectives of the exam. The objective of this domain is to ensure that the use and allocation of IT resources, including infrastructure, applications, people, information, and services support the accomplishment of enterprise objectives. The following sections describe resource optimization material in greater detail. Candidates must have a thorough understanding of these concepts to successfully pass the CGEIT exam.

What Topics Are Covered in This Domain?

This domain covers seven task statements and nine knowledge statements. Below, candidates can see detailed outlines of each concept under this domain.

Get certified with an Exam Pass Guarantee

Get certified with an Exam Pass Guarantee

Looking to get certified? Many of our boot camps are backed by an Exam Pass Guarantee, ensuring you leave with the certification you want.

Task Statements:

  1. Ensure that processes are in place to identify, acquire and maintain IT resources and capabilities (i.e., information, services, infrastructure and applications, and people).
  2. Evaluate, direct, and monitor sourcing strategies to ensure existing resources are taken into account to optimize IT resource utilization.
  3. Ensure the integration of IT resource management into the enterprise’s strategic and tactical planning.
  4. Ensure the alignment of IT resource management processes with the enterprise’s resource management processes.
  5. Ensure that a resource gap analysis process is in place so that IT is able to meet strategic objectives of the enterprise.
  6. Ensure that policies exist to guide IT resource sourcing strategies that include service-level agreements (SLAs) and changes to sourcing strategies.
  7. Ensure that policies and processes are in place for the assessment, training, and development of staff to address enterprise requirements and personal/professional growth.

Knowledge Statements:

  1. Knowledge of IT resource planning methods
  2. Knowledge of human resource procurement, assessment, training, and development methodologies
  3. Knowledge of processes for acquiring application, information, and infrastructure resources
  4. Knowledge of outsourcing and offshoring approaches that may be employed to meet the investment program and operation level agreements (OLAs) and service level agreements (SLAs)
  5. Knowledge of methods used to record and monitor IT resource utilization and availability
  6. Knowledge of methods used to evaluate and report on IT resource performance
  7. Knowledge of interoperability, standardization, and economies of scale
  8. Knowledge of data management and data governance concepts
  9. Knowledge of service level management concepts

What Do I Need to Know About Resource Optimization?

Resource optimization allows enterprises to meet resource requests in an optimal fashion—this means that the available IT resources are working appropriately to achieve enterprise-established goals successfully. CGEIT professionals should learn how to execute resource optimization best practices to achieve enterprise objectives. For this to be done effectively, they need to define the key resources utilized for IT activities and processes, define strategies for their procurement, ensure their management and availability, and optimize their use in the organization. In a nutshell, resource optimization is aimed at achieving desired results within a set budget and timeframe with minimum utilization of IT resources.

The lack of resource optimization can place enterprise on the verge of serious data breaches and, therefore, cause them to fail to achieve their core business objectives.

Human Resource Management (HRM): Human resources is the biggest asset in any enterprise. Below, you will learn some essential elements of HRM.

  • Human Resource Procurement: Human resource procurement involves obtaining and ensuring the right number and type of manpower in the organization. The framework or process for human resource procurement involves human resource planning, recruitment, and job analysis.
  • Human Resource Assessment: Human resource departments or managers conduct assessments to predict the future performance of a workforce. Human resource assessments are used by an enterprise to determine whether a particular employee can fulfill the job and has the appropriate skill sets to perform effectively. Several types of assessments include cognitive and personality assessment, motivational assessment, organizational assessment, and evaluation in accordance with the performance standards.
  • Human Resource Training and Development: Human resource training and development is an educational process in the enterprises for sharpening concepts, skills, changing attitudes, and obtaining more knowledge to improve employees’ performance.

Outsourcing and Offshoring Approaches: Outsourcing is a business practice whereby a company hires a third party to create goods and perform services that were traditionally carried out in-house by the company’s staff and employees. Outsourcing programs are not only for the enterprise’s budget saving approach but also for quality improvements, better risk management of internal resources, and scalability. On the other hand, offshoring is the practice of acquiring services or products from another country or relocating production to another country. Enterprises can use outsourcing and offshoring to meet the investment program and service level agreements (SLAs) and operation level agreements (OPAs). An SLA is a contract between the service provider and the user or the client organization. It ensures that both service provider and the user/client organization are in compliance with agreed terms and conditions. An OLA describes the interdependent relationship in support of the SLA.

Enterprises can involve “governance processes” to identify, manage, and audit outsourcing contracts, including SLAs and OLAs. The clear auditability should be conducted periodically to evaluate potential risks.

Methods for Recording and Monitoring IT Resource Utilization and Availability: The Information technology infrastructure library (ITIL), a set of detailed practices for IT service management, includes three processes—capacity management, demand management, and service availability—that further incorporate the methods for resource utilization and availability. Availability management and capacity management are also incorporated in the ISO-20000 standard for service management, under the heading “Service Delivery Processes.” In V3 of ITIL, availability management and capacity management are included in the service design book, while demand management is covered in the service strategy book. The methods and processes utilized in these processes are listed below:

  • Demand Management: This is a vital aspect of IT service management because poorly managed demand can be a source of risks for service providers due to the uncertainty of demands.
  • Capacity Management: Capacity management ensures that the performance and capacity of the IT systems and services meet the growing demands of the enterprise in the most cost-effective fashion and timely manner. Below is the list of essential subcategories of capacity management.
    • Idle capacity
    • Productive capacity
    • Nonproductive capacity
    • Service capacity management
    • Business capacity management
    • Component capacity management
  • Availability Management: Availability management deals with availability-related issues of services, resources, and components and ensures that availability targets in all the areas are achieved in a cost-effective fashion. There are two interconnected levels on which availability management should occur to improve and continually optimize the availability of IT systems and services. These two interconnected levels are:
    • Reactive activities
    • Proactive activities

Evaluating and Reporting on IT Resource Performance: IT resources are evaluated to ensure that they are performing effectively to achieve business targets. First and foremost, management evaluates the IT resource performance and then reports its findings to find out if further measures are required to improve the performance of these resources.

Where Should I Focus My Time Studying in This Domain?

Though taking any exam is stressful, candidates can make it easier by improving the way they study. Whether the student is a morning person or a night owl, he/she should study on a consistent time schedule for each day, rather than resorting to last-minute cramming. Studying for the CGEIT exam efficiently and effectively will keep candidates from feeling unprepared and set them on the path to success. Doing so requires the candidates to review the CGEIT syllabus, pay attention in the class, prepare good notes, and make studying a part of their daily habits. In addition, candidates should also focus on some additional tips listed below:

  • Use diagrams and flowcharts.
  • Practice old CGEIT exams.
  • Explain answers to others to better understand the theory behind the questions.
  • Take regular breaks.
  • Try to get rid of all types of distractions and sit in a quiet location when studying.

More important, candidates should pay heed to CGEIT-approved material, much of which is available at the ISACA Official Bookstore. In addition, candidates should reference this “CGEIT Resources” article to get the best preparation material for the CGEIT exam.


InfoSec CGEIT Boot Camp—Your Best Bet

InfoSec Institute's CGEIT Boot Camp Training is specifically designed to prepare students for ISACA's certification on IT governance principles and practices. You can enroll in this course to acquire a professional CGEIT certification.

InfoSec has been one of the most awarded (42 industry awards) and trusted information security training vendors for 17 years.

Get certified with our Exam Pass Guarantee

Get certified with our Exam Pass Guarantee

Many of our boot camps come with an Exam Pass Guarantee: if you fail on your first attempt, we'll invite you to re-sit the course for free and cover the cost of your second exam.

InfoSec also offers thousands of articles on a variety of security topics.

Fakhar Imam
Fakhar Imam

Fakhar Imam is a professional writer with a master’s program in Masters of Sciences in Information Technology (MIT). To date, he has produced articles on a variety of topics including on Computer Forensics, CISSP, and on various other IT related tasks.