
CGEIT certification


Presentation "Certification details for certified in the governance of enterprise IT" from the BKA event "How to become leaders in IT governance, security and audit?". The event took place on April 18, 2013.



Certification Details for Certified in the Governance of Enterprise IT (CGEIT)

ISACA®: Trust in information systems and their value

Dainius Jakimavičius, CGEIT, ISACA Lietuva research and methodology coordinator

Doctor of Mathematical Sciences; Director of the Information Systems and Infrastructure Audit Department, National Audit Office of the Republic of Lithuania


Market need for CGEIT

• Individual

Defines the roles and responsibilities of professionals performing IT governance work and recognizes their professional knowledge and competencies; skill-sets; abilities and experiences

• Enterprise

Supports through the demonstration of a visible commitment to excellence in IT governance practices

• Business

Increases the awareness of IT governance good practices and issues

• Profession

Supports those that provide IT governance management, advisory or assurance direction and strategy


CGEIT: Who is it for?

The CGEIT certification is intended to recognize a wide range of professionals for their knowledge and application of IT governance principles and practices. It is designed for professionals who have management, advisory, or assurance responsibilities as defined by the CGEIT Job Practice consisting of IT governance related task and knowledge statements.


CGEITs in the Workplace

• Nearly 400 are employed in organizations as the CEO, CFO or equivalent executive position.

• Almost 200 serve as chief audit executives, audit partners or audit heads.

• Over 500 serve as CIOs, CISOs, or chief compliance, risk or privacy officers.

• More than 600 are employed as security directors, managers or consultants and related staff.

• Over 1,200 are employed as IT directors, managers, consultants and related staff.

• More than 950 serve as audit directors, managers or consultants and related staff.

• Over 650 are employed in managerial, consulting or related positions in IT operations or compliance.


CGEITs By Geographical Area


CGEIT Job Practice (effective June 2013)

1. Framework for the Governance of Enterprise IT (25%) Ensure the definition, establishment, and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise.

2. Strategic Management (20%) Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.

3. Benefits Realization (16%) Ensure that IT-enabled investments are managed to deliver optimized business benefits and that benefit realization outcome and performance measures are established, evaluated and progress is reported to key stakeholders.


CGEIT Job Practice Areas (effective June 2013, continued)

4. Risk Optimization (24%) Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.

5. Resource Optimization (15%) Ensure the optimization of IT resources including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives.

For more details visit www.isaca.org/cgeitjobpractice


Domain 1: Framework for the Governance of Enterprise IT

1. Ensure that a framework for the governance of enterprise IT is established and enables the achievement of enterprise goals and objectives to create stakeholder value, taking into account benefits realization, risk optimization, and resource optimization. (EDM01, APO01)

2. Identify the requirements and objectives for the framework for the governance of enterprise IT incorporating input from enablers such as principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies. (EDM01, APO01)

3. Ensure that the framework for the governance of enterprise IT addresses applicable internal and external requirements (for example, principles, policies and standards, laws, regulations, service capabilities and contracts). (EDM01-05, APO01-02, MEA02-03, APO08-10)


Domain 1: Framework for the Governance of Enterprise IT

4. Ensure that strategic planning processes are incorporated into the framework for the governance of enterprise IT. (APO02)

5. Ensure the incorporation of enterprise architecture (EA) into the framework for the governance of enterprise IT in order to optimize IT-enabled business solutions. (APO03)

6. Ensure that the framework for the governance of enterprise IT incorporates comprehensive and repeatable processes and activities. (EDM01, APO01)

7. Ensure that the roles, responsibilities and accountabilities for information systems and IT processes are established. (APO01; all COBIT processes; RACI guidance)

8. Ensure issues related to the framework for the governance of enterprise IT are reviewed, monitored, reported and remediated. (MEA01-03)


Domain 1: Framework for the Governance of Enterprise IT

9. Ensure that organizational structures are in place to enable effective planning and implementation of IT-enabled business investments. (APO01; all COBIT processes; RACI guidance)

10. Ensure the establishment of a communication channel to reinforce the value of the governance of enterprise IT and transparency of IT costs, benefits and risk throughout the enterprise. (EDM05, APO08)

11. Ensure that the framework for the governance of enterprise IT is periodically assessed, including the identification of improvement opportunities. (EDM05, MEA01-03)


Domain 2: Strategic Management

1. Evaluate, direct and monitor IT strategic planning processes to ensure alignment with enterprise goals. (EDM02-05, APO02)

2. Ensure that appropriate policies and procedures are in place to support IT and enterprise strategic alignment. (All COBIT processes)

3. Ensure that the IT strategic planning processes and related outputs are adequately documented and communicated. (APO02)

4. Ensure that enterprise architecture (EA) is integrated into the IT strategic planning process. (APO03)

5. Ensure prioritization of IT initiatives to achieve enterprise objectives. (EDM02-05; APO05)

6. Ensure that IT objectives cascade into clear roles, responsibilities and actions of IT personnel. (APO domain processes)


Domain 3: Benefits Realization

1. Ensure that IT-enabled investments are managed as a portfolio of investments. (EDM02-05; APO05)

2. Ensure that IT-enabled investments are managed through their economic life cycle to achieve business benefit. (EDM02, EDM05, APO05, MEA01-03, BAI05, BAI01)

3. Ensure business ownership and accountability for IT-enabled investments are established. (EDM02, APO05, APO08-09)

4. Ensure that IT investment management practices align with enterprise investment management practices. (APO05-06)

5. Ensure that IT-enabled investment portfolios, IT processes and IT services are evaluated and benchmarked to achieve business benefit. (APO05, APO09, MEA01)


Domain 3: Benefits Realization

6. Ensure that outcome and performance measures are established and evaluated to assess progress towards the achievement of enterprise and IT objectives. (MEA01, EDM05)

7. Ensure that outcome and performance measures are monitored and reported to key stakeholders in a timely manner. (EDM05, MEA01)

8. Ensure that improvement initiatives are identified, prioritized, initiated and managed based on outcome and performance measures. (APO11, MEA01, APO04, depends on how 'improvement' is defined)


Domain 4: Risk Optimization

1. Ensure that comprehensive IT risk management processes are established to identify, analyze, mitigate, manage, monitor, and communicate IT risk. (EDM03, APO12)

2. Ensure that legal and regulatory compliance requirements are addressed through IT risk management. (EDM03, MEA03, APO12, BAI01)

3. Ensure that IT risk management is aligned with the enterprise risk management (ERM) framework. (APO12)

4. Ensure appropriate senior level management sponsorship for IT risk management. (EDM03, APO12)

5. Ensure that IT risk management policies, procedures and standards are developed and communicated. (EDM03, APO12)

6. Ensure the identification of key risk indicators (KRIs). (APO12)

7. Ensure timely reporting and proper escalation of risk events and responses to appropriate levels of management. (EDM03, APO12, MEA02, EDM05)


Domain 5: Resource Optimization

1. Ensure that processes are in place to identify, acquire and maintain IT resources and capabilities (i.e., information, services, infrastructure and applications, and people). (APO01 & most other APO domain processes)

2. Evaluate, direct and monitor sourcing strategies to ensure existing resources are taken into account to optimize IT resource utilization. (EDM04-05)

3. Ensure the integration of IT resource management into the enterprise’s strategic and tactical planning. (MEA01-03, EDM05, BAI01, APO05-06)

4. Ensure the alignment of IT resource management processes with the enterprise’s resource management processes. (EDM04, APO09, APO10, APO06)


Domain 5: Resource Optimization

5. Ensure that a resource gap analysis process is in place so that IT is able to meet strategic objectives of the enterprise. (MEA01-03, EDM05)

6. Ensure that policies exist to guide IT resource sourcing strategies that include service level agreements (SLAs) and changes to sourcing strategies. (EDM04, APO09, APO10)

7. Ensure that policies and processes are in place for the assessment, training and development of staff to address enterprise requirements and personal/professional growth. (APO07)


CGEIT Experience Requirements (For those testing June 2013 and forward)

• Earn a passing score on the CGEIT exam

• Submit verified evidence of the five years' experience requirements as defined by the CGEIT Job Practice

• Submit the CGEIT application and receive approval

• Adhere to the ISACA Code of Professional Ethics

• Comply with the CGEIT Continuing Education Policy

More information may be found at www.isaca.org/cgeitrequirements


Thank you for your attention!

More information about the ISACA certification training courses being organized can be found at www.bka.lt

Contact us by phone at 8 5 2780502 or by e-mail at [email protected]