Mapping CGEIT and COBIT Controls

Applicable COBIT Control Objectives for CGEIT: 66

CGEIT Job Practice Domains and Task Statements

Each CGEIT task statement carries a serial number (Sr. No.) across the whole job practice and a task statement number (TS No.) within its domain.

Sr. No. | Domain No. | Domain                   | Task Statements
1-11    | 1          | IT Governance Framework  | TS1-TS11
12-23   | 2          | Strategic Alignment      | TS1-TS12
24-34   | 3          | Value Delivery           | TS1-TS11
35-42   | 4          | Risk Management          | TS1-TS8
43-53   | 5          | Resource Management      | TS1-TS11
54-59   | 6          | Performance Measurement  | TS1-TS6

CGEIT Task Statements and Cited COBIT Control Objectives

Domain 1: IT Governance Framework

TS1. Define the requirements and objectives for, and drive the establishment of, IT governance in an enterprise, considering values, philosophy, management style, IT awareness, organization, standards and policies.
TS2. Ensure that an IT governance framework exists and is based on a comprehensive and repeatable IT process and control model that is aligned with the enterprise governance framework.
TS3. Establish appropriate management governance structures, such as an enterprise investment committee, IT strategy committee, IT steering committee, technology council, IT architecture review board, business needs committee and IT audit committee.
TS4. Ensure that the enterprise and IT governance frameworks enable the enterprise to achieve optimal value for the enterprise.
TS5. Confirm that the IT governance framework ensures compliance with applicable external requirements and ethical statements that are aligned with, and confirm delivery of, the enterprise's goals, strategies and objectives.
TS6. Obtain independent assurance that IT conforms with relevant external requirements; contractual terms; organizational policies, plans and procedures; generally accepted practices; and the effective and efficient practice of IT.
TS7. Apply IT best practices to enable the business to achieve optimal value from implementation of IT services and IT-enabled business solutions.
TS8. Ensure the establishment of a framework for IT governance monitoring (considering cost/benefit analyses of controls, return on investment for continuous monitoring, etc.), an approach to track all IT governance issues and remedial actions to closure, and a lessons-learned process.
TS9. Ensure that appropriate roles, responsibilities and accountabilities are established and enforced for information requirements, data and system ownership, IT processes, and benefits and value realization.
TS10. Report IT governance status and issues, and effect transparency in reporting.
TS11. Establish a communications plan to continuously market, communicate and reinforce the need and value of IT governance across the enterprise.

COBIT control objectives cited against Domain 1 task statements: PO1.1, PO1.2, PO1.4, PO1.5, PO3.3, PO4.1, PO4.2, PO4.3, PO4.5, PO4.6, PO6.1, PO6.4, PO6.5, ME3.1, ME3.2, ME3.3, ME3.5, ME4.1, ME4.2, ME4.3, ME4.6, ME4.7.

Domain 2: Strategic Alignment

TS1. Define and implement a strategic planning framework, requiring and facilitating collaborative and integrated business and IT management planning.
TS2. Actively support/promote and participate in IT management planning by employing best practice enterprise architecture (EA) frameworks.
TS3. Ensure that appropriate policies and procedures are in place, understood and followed to support IT and business strategic alignment.
TS4. Ensure that effective communication and engagement exists between business and IT management regarding shared strategic initiatives and performance.
TS5. Ensure business and IT goals cascade down through the enterprise into clear roles, responsibilities and actions.
TS6. Assist senior management by aligning IT initiatives with business objectives and facilitating prioritization of business strategies that optimally achieve business objectives.
TS7. Identify and take action on barriers to strategic alignment.
TS8. Identify and monitor the interdependencies of strategic initiatives and their impact on value delivery and risk.
TS9. Ensure that the strategic planning process is adequately documented, transparent and meets stakeholder needs.
TS10. Maintain and update the IT management plans, artifacts and standards for the enterprise.
TS11. Monitor, evaluate and report on the effectiveness of the alignment of IT and enterprise strategic initiatives.
TS12. Monitor and assess current and future technologies and provide advice on the costs, risks and opportunities that they bring.

COBIT control objectives cited against Domain 2 task statements: PO1.2, PO1.4, PO1.5, PO2.1, PO3.3, PO4.6, PO6.1, PO6.3, PO6.4, PO6.5, ME4.1, ME4.2, ME4.3.

Domain 3: Value Delivery

TS1. Ensure that business takes ownership and accountability for business cases, business transformation, organizational change, business process operation and benefit realization for all IT-enabled business investments.
TS2. Ensure that all IT-enabled investments are managed as a portfolio of investments.
TS3. Ensure that all IT-enabled investments are managed as programs and include the full scope of activities and expenditures that are required to achieve business value.
TS4. Ensure that all IT-enabled investments are managed through their full economic life cycle so that value is optimized.
TS5. Recognize that different categories of investments need to be evaluated and managed differently.
TS6. Ensure that all IT solutions are developed and maintained effectively and efficiently through the development life cycle to deliver the required capabilities.
TS7. Ensure that all IT services are delivered to the business with the right service levels.
TS8. Ensure that IT services enable the business to create the required business value using assets (people, applications, infrastructure and information) to deliver the appropriate capabilities at optimal cost.
TS9. Define and monitor appropriate metrics for the measurement of solution and service delivery against objectives and for the measurement of benefits realized, and respond to changes and deviations.
TS10. Engage all stakeholders and assign appropriate accountability for delivery of business and IT capabilities and realization of benefits.
TS11. Ensure that IT investments, solutions and services are aligned with the enterprise strategies and architecture.

COBIT control objectives cited against Domain 3 task statements: PO1.1, PO1.6, PO5.1, PO5.2, PO5.3, PO5.4, PO5.5, PO10.1, PO10.2, PO10.3, PO10.7, PO10.13, DS1.3, DS1.4, DS1.5, ME1.1, ME1.2, ME1.4, ME1.5, ME1.6, ME4.1, ME4.2, ME4.3.

Domain 4: Risk Management

TS1. Ensure that IT risk identification, assessment, mitigation, management, communication and monitoring strategies are integrated into business strategic and tactical planning processes.
TS2. Align the IT risk management processes with the enterprise business risk management framework (where this exists).
TS3. Ensure a consistent application of the risk management framework across the enterprise IT environment.
TS4. Ensure that risk assessment and management is included throughout the information life cycle.
TS5. Define risk management strategies, and prioritize responses to identified risks to maintain risk levels within the appetite of the enterprise.
TS6. Ensure that risk management strategies are adopted to mitigate risk and to manage to acceptable residual risk levels.
TS7. Implement timely reporting on risk events and responses to appropriate levels of management (including the use of key risk indicators, as appropriate).
TS8. Establish monitoring processes and practices to ensure the completeness and effectiveness of established risk management processes.

COBIT control objectives cited against Domain 4 task statements: PO4.8, PO9.1, PO9.2, PO9.3, PO9.4, PO9.5, PO9.6, PO10.9, AI1.2, DS2.3, ME4.5.

Domain 5: Resource Management

TS1. Ensure that the requirements for trained resources with the requisite skill sets are understood and are assessed appropriately.
TS2. Ensure the existence of appropriate policies for the training and development of all staff to help meet enterprise requirements and personal/professional growth.
TS3. Develop and facilitate the maintenance of systems to record the resources available and potentially available to the enterprise.
TS4. Undertake gap analyses to determine shortfalls against requirements to ensure that the business and IT resources (people, applications, information, infrastructure) are able to meet strategic objectives.
TS5. Effectively and efficiently ensure clear, consistent and enforceable human resource allocation to investment programs and services.
TS6. Ensure that sourcing strategies are based on the effective use of existing resources and the identification of those that need to be acquired.
TS7. Ensure that people, hardware, software and infrastructure procurement policies exist to effectively and efficiently fulfill resource requirements.
TS8. Through periodic assessment of the training requirements for human resources, ensure that sufficient, competent and capable human resources are available to execute the current and future strategic objectives and that they are kept up to date with constantly evolving technology.
TS9. Ensure integration of resource identification, classification, allocation and periodic evaluation processes into the business's strategic and tactical planning and operations.
TS10. Ensure that the IT infrastructure is standardized; economies of scale are achieved, wherever possible; and interoperability exists, where required, to support the agility needs of the enterprise.
TS11. Ensure that IT assets are managed and protected through their economic life cycle and are aligned with current and long-term business operations requirements to support cost-effective achievement of business objectives.

COBIT control objectives cited against Domain 5 task statements: PO1.3, PO1.4, PO1.5, PO3.2, PO4.1, PO4.5, PO4.12, PO5.1, PO5.2, PO7.1, PO7.2, PO7.3, PO7.4, PO7.7, AI5.1, DS7.1, ME4.4.

Domain 6: Performance Measurement

TS1. Establish the enterprise's strategic IT objectives, with the board of directors and executive leadership team, categorized into four areas: financial (business contribution), customer (user orientation), internal process (operational excellence), learning and growth (future orientation), or whatever areas are appropriate for the enterprise.
TS2. Establish outcome and performance measures, supported by metrics, and targets that assess progress toward the achievement of enterprise and IT objectives and the business strategy.
TS3. Evaluate IT process performance, track IT investment portfolio performance, and measure IT service delivery through the use of outcome measures and performance drivers.
TS4. Use maturity models and other assessment techniques to evaluate and report on the health of the enterprise's performance level.
TS5. Use continuous performance measurement to identify, prioritize, initiate and manage improvement initiatives and/or appropriate management action.
TS6. Report relevant portfolio, program and IT performance to relevant stakeholders in an appropriate, timely and accurate manner.

COBIT control objectives cited against Domain 6 task statements: ME1.1, ME1.2, ME1.3, ME1.4, ME1.5, ME1.6, ME4.3, ME4.6.

COBIT Control Objectives Applicable to CGEIT (66)

The 66 COBIT 4.1 control objectives cited in the mapping, by process:

PO1 Define a Strategic IT Plan: PO1.1 IT Value Management; PO1.2 Business-IT Alignment; PO1.3 Assessment of Current Capability and Performance; PO1.4 IT Strategic Plan; PO1.5 IT Tactical Plans; PO1.6 IT Portfolio Management
PO2 Define the Information Architecture: PO2.1 Enterprise Information Architecture Model
PO3 Determine Technological Direction: PO3.2 Technology Infrastructure Plan; PO3.3 Monitor Future Trends and Regulations
PO4 Define the IT Processes, Organization and Relationships: PO4.1 IT Process Framework; PO4.2 IT Strategy Committee; PO4.3 IT Steering Committee; PO4.5 IT Organizational Structure; PO4.6 Establishment of Roles and Responsibilities; PO4.8 Responsibility for Risk, Security and Compliance; PO4.12 IT Staffing
PO5 Manage the IT Investment: PO5.1 Financial Management Framework; PO5.2 Prioritization Within IT Budget; PO5.3 IT Budgeting; PO5.4 Cost Management; PO5.5 Benefit Management
PO6 Communicate Management Aims and Direction: PO6.1 IT Policy and Control Environment; PO6.3 IT Policies Management; PO6.4 Policy, Standard and Procedures Rollout; PO6.5 Communication of IT Objectives and Direction
PO7 Manage IT Human Resources: PO7.1 Personnel Recruitment and Retention; PO7.2 Personnel Competencies; PO7.3 Staffing of Roles; PO7.4 Personnel Training; PO7.7 Employee Job Performance Evaluation
PO9 Assess and Manage IT Risks: PO9.1 IT Risk Management Framework; PO9.2 Establishment of Risk Context; PO9.3 Event Identification; PO9.4 Risk Assessment; PO9.5 Risk Response; PO9.6 Maintenance and Monitoring of a Risk Action Plan
PO10 Manage Projects: PO10.1 Programme Management Framework; PO10.2 Project Management Framework; PO10.3 Project Management Approach; PO10.7 Integrated Project Plan; PO10.9 Project Risk Management; PO10.13 Project Performance Measurement, Reporting and Monitoring
AI1 Identify Automated Solutions: AI1.2 Risk Analysis Report
AI5 Procure IT Resources: AI5.1 Procurement Control
DS1 Define and Manage Service Levels: DS1.3 Service Level Agreements; DS1.4 Operating Level Agreements; DS1.5 Monitoring and Reporting of Service Level Achievements
DS2 Manage Third-party Services: DS2.3 Supplier Risk Management
DS7 Educate and Train Users: DS7.1 Identification of Education and Training Needs
ME1 Monitor and Evaluate IT Performance: ME1.1 Monitoring Approach; ME1.2 Definition and Collection of Monitoring Data; ME1.3 Monitoring Method; ME1.4 Performance Assessment; ME1.5 Board and Executive Reporting; ME1.6 Remedial Actions
ME3 Ensure Compliance With External Requirements: ME3.1 Identification of External Legal, Regulatory and Contractual Compliance Requirements; ME3.2 Optimization of Response to External Requirements; ME3.3 Evaluation of Compliance With External Requirements; ME3.5 Integrated Reporting
ME4 Provide IT Governance: ME4.1 Establishment of an IT Governance Framework; ME4.2 Strategic Alignment; ME4.3 Value Delivery; ME4.4 Resource Management; ME4.5 Risk Management; ME4.6 Performance Measurement; ME4.7 Independent Assurance

Count by process: PO1 6, PO2 1, PO3 2, PO4 7, PO5 5, PO6 4, PO7 5, PO9 6, PO10 6, AI1 1, AI5 1, DS1 3, DS2 1, DS7 1, ME1 6, ME3 4, ME4 7; total 66.

Mapping Matrix - COBIT/CGEIT

Rows: COBIT 4.1 domains, processes and control objectives (Sr. No. 1-4 by COBIT domain). Columns: CGEIT task statements by domain, beginning with IT Governance Framework (Domain 1) TS1, TS2, TS3.

Marks shown on the sheet in the Domain 1 TS1-TS3 columns: PO1.2, PO1.4, PO4.1, PO4.2, PO4.3 and PO6.1 (one mark each); PO4.5 and ME4.1 (two marks each).

1. Plan and Organize (PO)
PO1 Define a Strategic IT Plan: PO1.1 IT Value Management; PO1.2 Business-IT Alignment; PO1.3 Assessment of Current Capability and Performance; PO1.4 IT Strategic Plan; PO1.5 IT Tactical Plans; PO1.6 IT Portfolio Management
PO2 Define the Information Architecture: PO2.1 Enterprise Information Architecture Model; PO2.2 Enterprise Data Dictionary and Data Syntax Rules; PO2.3 Data Classification Scheme; PO2.4 Integrity Management
PO3 Determine Technological Direction: PO3.1 Technological Direction Planning; PO3.2 Technology Infrastructure Plan; PO3.3 Monitor Future Trends and Regulations; PO3.4 Technology Standards; PO3.5 IT Architecture Board
PO4 Define the IT Processes, Organization and Relationships: PO4.1 IT Process Framework; PO4.2 IT Strategy Committee; PO4.3 IT Steering Committee; PO4.4 Organizational Placement of the IT Function; PO4.5 IT Organizational Structure; PO4.6 Establishment of Roles and Responsibilities; PO4.7 Responsibility for IT Quality Assurance; PO4.8 Responsibility for Risk, Security and Compliance; PO4.9 Data and System Ownership; PO4.10 Supervision; PO4.11 Segregation of Duties; PO4.12 IT Staffing; PO4.13 Key IT Personnel; PO4.14 Contracted Staff Policies and Procedures; PO4.15 Relationships
PO5 Manage the IT Investment: PO5.1 Financial Management Framework; PO5.2 Prioritization Within IT Budget; PO5.3 IT Budgeting; PO5.4 Cost Management; PO5.5 Benefit Management
PO6 Communicate Management Aims and Direction: PO6.1 IT Policy and Control Environment; PO6.2 Enterprise IT Risk and Control Framework; PO6.3 IT Policies Management; PO6.4 Policy, Standard and Procedures Rollout; PO6.5 Communication of IT Objectives and Direction
PO7 Manage IT Human Resources: PO7.1 Personnel Recruitment and Retention; PO7.2 Personnel Competencies; PO7.3 Staffing of Roles; PO7.4 Personnel Training; PO7.5 Dependence Upon Individuals; PO7.6 Personnel Clearance Procedures; PO7.7 Employee Job Performance Evaluation; PO7.8 Job Change and Termination
PO8 Manage Quality: PO8.1 Quality Management System; PO8.2 IT Standards and Quality Practices; PO8.3 Development and Acquisition Standards; PO8.4 Customer Focus; PO8.5 Continuous Improvement; PO8.6 Quality Measurement, Monitoring and Review
PO9 Assess and Manage IT Risks: PO9.1 IT Risk Management Framework; PO9.2 Establishment of Risk Context; PO9.3 Event Identification; PO9.4 Risk Assessment; PO9.5 Risk Response; PO9.6 Maintenance and Monitoring of a Risk Action Plan
PO10 Manage Projects: PO10.1 Programme Management Framework; PO10.2 Project Management Framework; PO10.3 Project Management Approach; PO10.4 Stakeholder Commitment; PO10.5 Project Scope Statement; PO10.6 Project Phase Initiation; PO10.7 Integrated Project Plan; PO10.8 Project Resources; PO10.9 Project Risk Management; PO10.10 Project Quality Plan; PO10.11 Project Change Control; PO10.12 Project Planning of Assurance Methods; PO10.13 Project Performance Measurement, Reporting and Monitoring; PO10.14 Project Closure

2. Acquire and Implement (AI)
AI1 Identify Automated Solutions: AI1.1 Definition and Maintenance of Business Functional and Technical Requirements; AI1.2 Risk Analysis Report; AI1.3 Feasibility Study and Formulation of Alternative Courses of Action; AI1.4 Requirements and Feasibility Decision and Approval
AI2 Acquire and Maintain Application Software: AI2.1 High-level Design; AI2.2 Detailed Design; AI2.3 Application Control and Auditability; AI2.4 Application Security and Availability; AI2.5 Configuration and Implementation of Acquired Application Software; AI2.6 Major Upgrades to Existing Systems; AI2.7 Development of Application Software; AI2.8 Software Quality Assurance; AI2.9 Applications Requirements Management; AI2.10 Application Software Maintenance
AI3 Acquire and Maintain Technology Infrastructure: AI3.1 Technological Infrastructure Acquisition Plan; AI3.2 Infrastructure Resource Protection and Availability; AI3.3 Infrastructure Maintenance; AI3.4 Feasibility Test Environment
AI4 Enable Operation and Use: AI4.1 Planning for Operational Solutions; AI4.2 Knowledge Transfer to Business Management; AI4.3 Knowledge Transfer to End Users; AI4.4 Knowledge Transfer to Operations and Support Staff
AI5 Procure IT Resources: AI5.1 Procurement Control; AI5.2 Supplier Contract Management; AI5.3 Supplier Selection; AI5.4 IT Resources Acquisition
AI6 Manage Changes: AI6.1 Change Standards and Procedures; AI6.2 Impact Assessment, Prioritization and Authorization; AI6.3 Emergency Changes; AI6.4 Change Status Tracking and Reporting; AI6.5 Change Closure and Documentation
AI7 Install and Accredit Solutions and Changes: AI7.1 Training; AI7.2 Test Plan; AI7.3 Implementation Plan; AI7.4 Test Environment; AI7.5 System and Data Conversion; AI7.6 Testing of Changes; AI7.7 Final Acceptance Test; AI7.8 Promotion to Production; AI7.9 Post-implementation Review

3. Deliver and Support (DS)
DS1 Define and Manage Service Levels: DS1.1 Service Level Management Framework; DS1.2 Definition of Services; DS1.3 Service Level Agreements; DS1.4 Operating Level Agreements; DS1.5 Monitoring and Reporting of Service Level Achievements; DS1.6 Review of Service Level Agreements and Contracts
DS2 Manage Third-party Services: DS2.1 Identification of All Supplier Relationships; DS2.2 Supplier Relationship Management; DS2.3 Supplier Risk Management; DS2.4 Supplier Performance Monitoring
DS3 Manage Performance and Capacity: DS3.1 Performance and Capacity Planning; DS3.2 Current Performance and Capacity; DS3.3 Future Performance and Capacity; DS3.4 IT Resources Availability; DS3.5 Monitoring and Reporting
DS4 Ensure Continuous Service: DS4.1 IT Continuity Framework; DS4.2 IT Continuity Plans; DS4.3 Critical IT Resources; DS4.4 Maintenance of the IT Continuity Plan; DS4.5 Testing of the IT Continuity Plan; DS4.6 IT Continuity Plan Training; DS4.7 Distribution of the IT Continuity Plan; DS4.8 Service Recovery and Resumption; DS4.9 Offsite Backup Storage; DS4.10 Post-resumption Review
DS5 Ensure Systems Security: DS5.1 Management of IT Security; DS5.2 IT Security Plan; DS5.3 Identity Management; DS5.4 User Account Management; DS5.5 Security Testing, Surveillance and Monitoring; DS5.6 Security Incident Definition; DS5.7 Protection of Security Technology; DS5.8 Cryptographic Key Management; DS5.9 Malicious Software Prevention, Detection and Correction; DS5.10 Network Security; DS5.11 Exchange of Sensitive Data
DS6 Identify and Allocate Costs: DS6.1 Definition of Services; DS6.2 IT Accounting; DS6.3 Cost Modeling and Charging; DS6.4 Cost Model Maintenance
DS7 Educate and Train Users: DS7.1 Identification of Education and Training Needs; DS7.2 Delivery of Training and Education; DS7.3 Evaluation of Training Received
DS8 Manage Service Desk and Incidents: DS8.1 Service Desk; DS8.2 Registration of Customer Queries; DS8.3 Incident Escalation; DS8.4 Incident Closure; DS8.5 Reporting and Trend Analysis
DS9 Manage the Configuration: DS9.1 Configuration Repository and Baseline; DS9.2 Identification and Maintenance of Configuration Items; DS9.3 Configuration Integrity Review
DS10 Manage Problems: DS10.1 Identification and Classification of Problems; DS10.2 Problem Tracking and Resolution; DS10.3 Problem Closure; DS10.4 Integration of Configuration, Incident and Problem Management
DS11 Manage Data: DS11.1 Business Requirements for Data Management; DS11.2 Storage and Retention Arrangements; DS11.3 Media Library Management System; DS11.4 Disposal; DS11.5 Backup and Restoration; DS11.6 Security Requirements for Data Management
DS12 Manage the Physical Environment: DS12.1 Site Selection and Layout; DS12.2 Physical Security Measures; DS12.3 Physical Access; DS12.4 Protection Against Environmental Factors; DS12.5 Physical Facilities Management
DS13 Manage Operations: DS13.1 Operations Procedures and Instructions; DS13.2 Job Scheduling; DS13.3 IT Infrastructure Monitoring; DS13.4 Sensitive Documents and Output Devices; DS13.5 Preventive Maintenance for Hardware

4. Monitor and Evaluate (ME)
ME1 Monitor and Evaluate IT Performance: ME1.1 Monitoring Approach; ME1.2 Definition and Collection of Monitoring Data; ME1.3 Monitoring Method; ME1.4 Performance Assessment; ME1.5 Board and Executive Reporting; ME1.6 Remedial Actions
ME2 Monitor and Evaluate Internal Control: ME2.1 Monitoring of Internal Control Framework; ME2.2 Supervisory Review; ME2.3 Control Exceptions; ME2.4 Control Self-assessment; ME2.5 Assurance of Internal Control; ME2.6 Internal Control at Third Parties; ME2.7 Remedial Actions
ME3 Ensure Compliance With External Requirements: ME3.1 Identification of External Legal, Regulatory and Contractual Compliance Requirements; ME3.2 Optimization of Response to External Requirements; ME3.3 Evaluation of Compliance With External Requirements; ME3.4 Positive Assurance of Compliance; ME3.5 Integrated Reporting
ME4 Provide IT Governance: ME4.1 Establishment of an IT Governance Framework; ME4.2 Strategic Alignment; ME4.3 Value Delivery; ME4.4 Resource Management; ME4.5 Risk Management; ME4.6 Performance Measurement; ME4.7 Independent Assurance

Matrix columns continued: IT Governance Framework (Domain 1) TS4-TS11; Strategic Alignment (Domain 2) TS1-TS12; Value Delivery (Domain 3) TS1-TS11; Risk Management (Domain 4) TS1-TS8; Resource Management (Domain 5) TS1-TS11; Performance Measurement (Domain 6) TS1-TS6. Cells carry an X where a control objective is mapped to the task statement.