ISACA® CGEIT® study guide mind map

1. CGEIT Exam Passing Principles

2. The CGEIT® (Certified in the Governance of Enterprise IT) job profile, published in 2008, is a consistent continuation of the initiative started in the area of IT governance, when the IT Governance Institute was founded and the first COBIT® version was published as a synthesis of more than 30 national and international standards. The many ITGI documents published since then, covering all aspects of IT governance, as well as the numerous certified CGEIT® holders, reflect the relevance of the consistent expansion of governance in information technology.

2.1. Covers

2.1.1. It covers 5 domains, 32 tasks and 51 knowledge statements (statements covering the required technical knowledge).

2.2. Designation

2.2.1. The CGEIT® certification / designation reflects a solid achievement record in IT governance and in topics such as strategic direction, value creation, risk management, resources management and measurement in information technology.

2.3. The CGEIT® job profile was first published in 2008, and the CGEIT® job description was adapted for the exam in 2013.

3. Overview of the CGEIT® certification

3.1. About the CGEIT® exam

3.1.1. CGEIT® exam questions are developed with the intent of measuring and testing practical knowledge and the application of general concepts and standards.

3.1.2. PBE & CBE (only pencil & eraser are allowed). PBE - Paper based exam. CBE - Closed book exam.

3.1.3. 4 hour exam.

3.1.4. 150 multiple choice questions designed with one best answer. Several questions (about 10) are based on small scenarios.

3.1.5. No negative points.

3.1.6. Pre-requisite for exam: none

3.1.7. Pre-requisite for certification: Read CGEIT® Application Form

4. Domain 1: Framework for the Governance of Enterprise IT

4.1. Domain 1 - CGEIT® Exam Relevance

4.1.1. The content area for Domain 1 will represent 25% of the CGEIT® examination (approximately 38 questions).

4.2. Benefits of IT Governance (ITG)

4.2.1. Better customer support.

4.2.2. Transformation of business to leverage technology.

4.2.3. Process Improvement.

4.2.4. Better oversight of IT investment by management.

4.2.5. Enterprise-wide consistency in IT technology, processes and procurement.

4.3. IT Governance (ITG)

4.3.1. 3 Key requirements: It must be positioned as an integral part of the enterprise governance framework. There must be clear definitions of roles and responsibilities. There must be an ongoing implementation and continuity plan.

4.3.2. 5 Focus areas: Strategic alignment: Focuses on aligning with the business and collaborative solutions. Value delivery: Concentrates on optimizing expenses and proving the value of IT. Risk management: Addresses the safeguarding of IT assets, disaster recovery and continuity of operations. Resource management: Optimizes knowledge and IT infrastructure. Performance measurement: Tracks project delivery and monitoring of IT services.

4.3.3. 3 Critical foundations: Leadership. Structure or mechanisms. Processes. The presence of all three elements is required. IT Governance would be ineffective or compromised if any one were missing.

4.3.4. Scope of IT Governance: Setting objectives. Providing direction. Evaluating the evaluation of performance. Translating the strategic direction into action. Measuring and reporting on performance.

4.3.5. Steps to Implement IT Governance (generic): 1. Define the meaning of governance in the organization. 2. Identify constraints and enablers. 3. Achieve a broad understanding of IT Governance issues and benefits. 4. Agree, publish and gain acceptance of IT Governance framework, tools, processes. 5. Create a Project Initiation Document (PID) / Terms of Reference (ToR). 6. Create a Project Plan. 7. Identify and commit resources. 8. Identify and sign off on KPIs and Critical Success Factors (CSFs). 9. Align with the business objectives.

4.3.6. External resources: IT Governance - Developing a successful governance strategy. A Best Practice guide for decision makers in IT.

4.4. 9 Rules for Better Governance

4.4.1. 1. Define business goals and IT goals.

4.4.2. 2. Define IT Governance processes correctly.

4.4.3. 3. Set up clear IT organizational & decision structure.

4.4.4. 4. Involve executives and board of directors.

4.4.5. 5. Manage roles & responsibilities.

4.4.6. 6. Have working IT steering and IT strategy committees.

4.4.7. 7. Manage & align the IT investment portfolio.

4.4.8. 8. Use performance measurement tools.

4.4.9. 9. Set up support communication and awareness mechanisms.

4.5. Techniques for IT Strategy

4.5.1. PESTLE Analysis: PESTLE is a mnemonic which in its expanded form denotes P for Political, E for Economic, S for Social, T for Technological, L for Legal and E for Environmental. Companies use it as a tool to track the environment they are operating in, or the one in which they plan to launch a new project, product or service. It gives a bird's eye view of the whole environment from the many different angles one wants to check and keep track of while contemplating a certain idea or plan. There are certain questions to ask while conducting this analysis, which indicate what to keep in mind. They are: What is the political situation of the country and how can it affect the industry? What are the prevalent economic factors? How much importance does culture have in the market and what are its determinants? What technological innovations are likely to pop up and affect the market structure? Are there any current legislations that regulate the industry, or can there be any change in the legislations for the industry? What are the environmental concerns for the industry?

4.5.2. SWOT Analysis: Structured planning method used to evaluate the strengths, weaknesses, opportunities and threats involved in a project or in a business venture. Strengths: characteristics of the business or project that give it an advantage over others. Weaknesses (or Limitations): characteristics that place the business or project at a disadvantage relative to others. Opportunities: elements that the project could exploit to its advantage. Threats: elements in the environment that could cause trouble for the business or project. SWOT analysis groups key pieces of information into two main categories: internal factors and external factors.

4.5.3. TOWS Analysis: TOWS Analysis is a variant of the classic business tool, SWOT Analysis. TOWS and SWOT are acronyms for different arrangements of the words Strengths, Weaknesses, Opportunities and Threats. By analyzing the external environment (threats and opportunities) and your internal environment (weaknesses and strengths), you can use these techniques to think about the strategy of your whole organization, a department or a team. For each combination of internal and external environmental factors, consider how you can use them to create good strategic options: Strengths and Opportunities (SO) – How can you use your strengths to take advantage of these opportunities? Strengths and Threats (ST) – How can you take advantage of your strengths to avoid real and potential threats? Weaknesses and Opportunities (WO) – How can you use your opportunities to overcome the weaknesses you are experiencing? Weaknesses and Threats (WT) – How can you minimize your weaknesses and avoid threats?

4.5.4. Balanced Scorecard (BSC): What is it? A strategic management system that helps an organization translate its strategies into objectives that drive both behaviour and performance, both financial and non-financial. Measures are designed to track the progress of objectives against targets. Financial: Share value, profit, revenue, cost of capital, debt, ROA, cash flow. Customer: Market share, customer satisfaction, customer service, number of contracts, KYC, customer due diligence, number of claims. Internal: Regulatory compliance, number of incidents, centralized data, process optimization. Growth: Competitive advantage, reputation. Variants: IT Balanced Scorecard (IT BSC).

4.5.5. Boston Box / Boston Consulting Group (BCG) Matrix

4.5.6. Porter’s 5 forces model: The Porter's Five Forces tool is a simple but powerful tool for understanding where power lies in a business situation. This is useful because it helps you understand both the strength of your current competitive position and the strength of a position you're considering moving into. Five Forces Analysis assumes that there are five important forces that determine competitive power in a business situation. These are: Supplier Power, Buyer Power, Competitive Rivalry, Threat of Substitution, Threat of New Entry.

4.5.7. Porter’s value chain model

4.5.8. The McKinsey's 7S Framework: The basic premise of the model is that there are seven internal aspects of an organization that need to be aligned if it is to be successful. This model proposes that organisations are subject to these seven inter-related aspects. The 7-S model can be used in a wide variety of situations where an alignment perspective is useful, for example, to help you: Improve the performance of a company. Examine the likely effects of future changes within a company. Align departments and processes during a merger or acquisition. Determine how best to implement a proposed strategy. The elements: Strategy, Structure, Systems, Shared Values, Style, Staff, Skills.

4.5.9. The McFarlan's matrix on the strategic importance of IT

4.5.10. Lean Thinking: Lean thinking links closely to the concept of delivering value. It is based on theory and practice developed for manufacturing and emphasises the removal of waste. Waste, often called “Muda” (a Japanese term), refers to everything which is not of value to the customer (internal and external). The Lean approach advocates the following 5 principles: 1. Specify what creates value from a customer’s perspective. 2. Identify all steps across the whole value chain. 3. Make those actions happen that create the value flow. 4. Make what is “pulled” (demanded or triggered) by the customer happen just in time. 5. Strive for perfection by continually removing successive layers of waste.

4.6. Enterprise Architecture

4.6.1. What is Enterprise Architecture? An enterprise can be made up of: Many divisions. Many departments. Many regions. Many lines of business. Many cultures. ... Enterprise architecture attempts to align all of these diverse areas to realize economies of scale, consistent risk management, etc. Architecture can be defined as a representation of a conceptual framework of components and their relationships at a point in time. EA takes a broader view of the entire enterprise and seeks to align individual architectures into a consistent model. Enterprise architecture provides consistency between all the elements of the organization: Policy. Standards. Procurement. ... Enterprise architecture provides better top level oversight, monitoring and direction.

4.6.2. Business architecture: Enterprise level.

4.6.3. Information architecture: Business unit level.

4.6.4. Information systems architecture: Systems level.

4.6.5. Data architecture: Data element level.

4.6.6. Technology / Delivery systems architecture: Hardware, software, networks.

4.6.7. Practical Architectural Layers: Applications. Databases. Networks. Operating systems / utilities. Hardware.

4.6.8. Key Success Factors (KSFs) for Enterprise Architecture: EA should be approached in a top-down, enterprise-wide fashion. EA is the link between strategy, technology, processes and organization and is one of the key IT contributions to the enterprise effort to implement strategy. For the optimal approach to doing EA in the organization, there are a number of factors to be kept in mind: size, culture, EA skill levels, stakeholder views, resources, financial strength.

4.7. 3 Key things to establishing a Framework

4.7.1. 1. Take a programme approach: Instead of approaching the framework as a single project or on a piece-by-piece basis, treat the establishment of the framework as a series of many inter-related projects.

4.7.2. 2. Champion or sponsor and funding: Have a clearly identified project champion or sponsor and secure sufficient short-term and sustainable funding.

4.7.3. 3. Communication and buy-in: Adoption of an IT best practice, standard or framework must be communicated to stakeholders.

4.8. 4 Types of changes

4.8.1. Evolution: Transformational change is implemented gradually.

4.8.2. Revolution: Transformational change that occurs simultaneously on many fronts.

4.8.3. Adaptation: Realign the way in which the organization operates, using a series of steps.

4.8.4. Reconstruction: Rebuilding entire business processes and models simultaneously.

4.9. Standards related to Governance of Enterprise IT (GEIT) (selected)

4.9.1. ISACA® COBIT® 5: A business framework for the governance and management of enterprise IT. COBIT® 5 is a single and integrated framework for GEIT but also a guidance for management. Helps enterprises create optimal value from IT by maintaining a balance between benefits and risk levels and resource use.

4.9.2. ISO: ISO / IEC 38500 - Standard for corporate governance of IT. ISO / IEC 20000-1:2011 Information Technology -- Service management -- Part 1: Service management system requirements. ISO 2700X family of standards: ISO/IEC 27001:2013 Information Technology - Security techniques - Information security management systems (ISMS) - Requirements; ISO/IEC 27002:2013 Information Technology -- Security techniques - Code of practice for information security controls; ISO/IEC 27003:2010 Information technology - Security techniques - Information security management system implementation guidance; ISO/IEC 27005:2013 IT Risk: Turning Business Threats Into Competitive Advantage (ISRM); ...

4.10. Standards related to Management of Enterprise IT (a.k.a. "forest of methodologies, standards, frameworks")

4.10.1. Application Management (NOT application lifecycle management) ASL BiSL Foundation ASL®2 - Application Services Library 2

4.10.2. Bodies of Knowledge (selected) Business Analysis IIBA® DSDM Consortium Outsourcing Management IIOM® IAOP® Project Management PMI® Security Management (ISC)² SRMBok see Bodies of Knowledge mind map

4.10.3. COSO Enterprise Risk Management (ERM) Integrated Framework see COSO ERM-IF mind map Internal Control (IC) Integrated Framework see COSO III IC-IF mind map

4.10.4. Data Management DMBoK Data Management Body of Knowledge

4.10.5. Enterprise Architecture Department of Defense Architecture Framework (DoDAF) EABOK Enterprise Architecture Body of Knowledge Federal Government's Coordination and Advisory Board for IT in the Administration (KBSt) Standards and Architectures for e-Government Applications (SAGA) Governance Enterprise Architecture (GEA) NIST NIST Enterprise Architecture Model The Open Group TOGAF® - The Open Group Architecture Framework US Office of Management and Budget (OMB) Federal Enterprise Architecture (FEA) Zachman International® Zachman’s framework

4.10.6. IT Governance ISACA® COBIT® 5 A business framework for the governance and management of enterprise IT

4.10.7. Information Provision / Demand Management (client side NOT IT side) ASL BiSL Foundation BiSL® - Business Information Services Library

4.10.8. Maturity Models (selected) SEI CMM CMMI eSCM see Maturity Models mind map

4.10.9. Outsourcing Management IIOM® Outsourcing Management Body of Knowledge (OMBOK™) IAOP® Outsourcing Professional Body of Knowledge™ (OPBOK®)

4.10.10. Process Frameworks TM Forum eTOM - Enhanced Telecom Operations Map

4.10.11. Procurement Management ISPL Consortium ISPL® - Information Services Procurement Library

4.10.12. Project Management APM APM Body of Knowledge DSDM Consortium The DSDM® AgilePF® - Agile Project Framework AgilePM® V2 AXELOS PRINCE2® - PRojects IN Changing Environments PRINCE2® - Agile PMI Project Management Body of Knowledge (PMBOK®)

4.10.13. Programme Management DSDM Consortium AgilePgM® AXELOS MSP® - Managing Successful Programmes

4.10.14. Quality Management EFQM ISO ISO 9001 Six Sigma - Six Sigma model for quality management TickIT Quality management for IT TickIT+ Quality management for IT TQM - Total quality management QBoK Quality Body of Knowledge

4.10.15. Risk Management ISO ISO 31000:2009 ISO 27005:2013 OCTAVE CRAMM TRA NIST-800-30 EBIOS MEHARI ... M_o_R® - Management of Risk see M_o_R® mind map

4.10.16. Value Management / Engineering AXELOS® MoV® - Management of Value SAVE International® Value Methodology Standard

4.10.17. AXELOS®: AXELOS® Global Best Practices family of standards from UK: ITIL® - IT Infrastructure Library; M_o_R® - Management of Risk; MoV® - Management of Value; MoP® - Management of Portfolios; MSP® - Managing Successful Programmes; PRINCE2® - PRojects IN Changing Environments; PRINCE2® Agile; P3O® - Portfolio, Programme and Project Office.

5. Basic IT Governance (ITG) related definitions (from ISACA® CGEIT® perspective)

5.1. Accountability

5.1.1. Applies to those who either own the required resources or those who have the authority to approve the execution and / or accept the outcome of an activity within specific risk management processes.

5.1.2. Ideally only one person should be accountable, for accountability reasons. E.g. the Project Manager is accountable for risks affecting his project; the Team Leader is accountable for risks affecting his team and work.

5.2. Asset (ISACA®)

5.2.1. Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation.

5.3. Benefits Realization (COBIT® 5)

5.3.1. “One of the objectives of governance. The bringing about of new benefits for the enterprise, the maintenance and extension of existing forms of benefits, and the elimination of those initiatives and assets that are not creating sufficient value.”

5.4. Business case (ISACA®)

5.4.1. Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle.

5.5. Framework

5.5.1. Generally accepted, business process-oriented structures that establish a common language and enable repeatable business processes.

5.6. Goal (Mission)

5.6.1. Qualitative statements that describe a state of affairs or an accomplishment necessary for the business to become what it wants to become (the business vision).

5.7. IT Governance (ITG)

5.7.1. A governance view that ensures that information and related technology support and enable the enterprise strategy and the achievement of enterprise objectives; this also includes the functional governance of IT, i.e., ensuring that IT capabilities are provided efficiently and effectively. (ISACA®, COBIT5®)

5.7.2. Goal: To understand the issues and the strategic importance of IT so that the enterprise can sustain its operations and implement the strategies required to extend its activities into the future. Aims at ensuring that expectations for IT are met and IT risks are mitigated.

5.8. Objectives (milestones)

5.8.1. An objective must be quantitative - a specific, measurable achievement or milestone that must be reached to accomplish a goal or mission determined by appropriate metrics.

5.9. Portfolio (ISACA®)

5.9.1. Groupings of ‘objects of interest’ (investment programmes, IT services, IT projects, other IT assets or resources) managed and monitored to optimise business value.

5.10. Portfolio Management (ISACA®)

5.10.1. The goal of portfolio management (in relation to Val IT) is to ensure that an enterprise secures optimal value across its portfolio of IT-enabled investments.

5.11. Practice

5.11.1. Frequent or unusual actions performed as an application of knowledge.

5.12. Project (ISACA®)

5.12.1. A structured set of activities concerned with delivering a defined capability (that is necessary but not sufficient, to achieve a required business outcome) to the enterprise based on an agreed on schedule and budget.

5.13. Risk

5.13.1. The potential for events and their consequences. Contains both (a.k.a. the two sides of the risk coin): opportunities for benefit (upside / benefits) and threats to success (downside / disbenefits).

5.13.2. Risk is defined as the possibility of an event occurring that will have an impact on the achievement of objectives, and it is typically measured in terms of likelihood and impact. Risk = likelihood * impact

5.14. Standard

5.14.1. Established mandatory rules, specifications and metrics used to measure compliance against quality, value, etc.

5.15. Strategy

5.15.1. The deliberate application of means to achieve business vision and goal-related ends. The purpose of strategy is to maximize possibilities for success by effective use of the means available to an enterprise.

5.16. Value (ISACA®)

5.16.1. The relative worth or importance of an investment for an enterprise, as perceived by its key stakeholders, expressed as total lifecycle benefits net of related costs, adjusted for risk and (in the case of financial value) the time value of money.

5.17. Value creation (COBIT® 5)

5.17.1. “The main governance objective of an enterprise, achieved when the three underlying objectives (benefits realization, risk optimization and resource optimization) are all balanced.”

5.18. Value delivery

5.18.1. “Value delivery in the context of governance of IT concentrates on optimizing expenses and proving the value of IT.”

5.19. Vision

5.19.1. A statement of the enterprise’s purpose, why it exists and what it aspires to. The business vision of an enterprise is articulated by a set of goals that define what the business will strive for and where the business will invest its resources.

6. Domain 2: Strategic Management

6.1. Domain 2 - CGEIT® Exam Relevance

6.1.1. The content area for Domain 2 will represent 20% of the CGEIT® examination (approximately 30 questions).

6.2. Alignment between business and IT

6.2.1. Strategic Alignment Model (SAM): Henderson and Venkatraman

6.2.2. Extended Strategic Alignment Model (ESAM): Maes

6.3. Strategic planning processes and techniques

6.3.1. The COBIT® 5 Goals Cascade: Stakeholder needs: Stakeholder Drivers Influence Stakeholder Needs. Enterprise goals: Stakeholder Needs Cascade to Enterprise Goals. IT-related goals: Enterprise Goals Cascade to IT-related Goals. Enabler goals: IT-related Goals Cascade to Enabler Goals.

6.3.2. Value of the COBIT® 5 Cascade for Strategic Planning: Defines relevant and tangible goals and objectives. Filters the knowledge base of COBIT®. Clearly identifies and communicates how enablers are important to achieve enterprise goals.

6.4. Impact of changes in business strategy on IT Strategy

6.4.1. Agility: Enterprises need to be agile to keep up with their markets, and IT organizations must be agile to stay aligned with their enterprises.

6.4.2. Agility Loops: Loop 1: Monitoring and deciding (responsive decision making). Loop 2: Improving existing processes (improving existing operations). Loop 3: Creating new processes (creating new operations). Techniques for Conducting Agility Loops: Loop 1 (monitoring and deciding), Loop 2 (improving existing processes), Loop 3 (creating new processes).

6.5. Barriers to the achievement of strategic alignment

6.5.1. Expression barriers

6.5.2. Specification barriers

6.5.3. Implementation barriers

6.6. Policies and procedures necessary to support IT and business strategic alignment

6.6.1. Policies

6.6.2. Procedures

6.7. Methods to document and communicate IT strategic planning processes

6.7.1. Business Strategy

6.7.2. Balanced Scorecard (BSC): What is it? A strategic management system that helps an organization translate its strategies into objectives that drive both behaviour and performance, both financial and non-financial. Measures are designed to track the progress of objectives against targets. Financial: Share value, profit, revenue, cost of capital, debt, ROA, cash flow. Customer: Market share, customer satisfaction, customer service, number of contracts, KYC, customer due diligence, number of claims. Internal: Regulatory compliance, number of incidents, centralized data, process optimization. Growth: Competitive advantage, reputation.

6.7.3. IT Strategy

6.7.4. IT Balanced Scorecard (IT BSC)

6.8. Current and future technologies

6.9. Prioritization processes related to IT initiatives

6.9.1. Investment Portfolio Categorizations

6.9.2. IT-enabled Investment Programs: Benefits of IT Investment Programs. 4 types of benefits of new IT initiative.

6.9.3. Return on Investment (ROI): The ROI of an IT-driven initiative answers the questions "Is this project worth doing?" and "Is this process worth continuing?" The process of calculating ROI requires input from both business and technical people. To be complete, ROI analysis should be performed twice. The first analysis should show the net present value (NPV) of the initiative using the low end of the range of estimated benefits, and the second should use the high end of the estimated benefits. Calculating Return on IT Investment: Various techniques can be helpful (selected). If there is consensus and the ROI shows that the initiative produces a low NPV, then there is no point in continuing with the initiative. Only initiatives that have a consensus on costs and benefits and show a high NPV get to continue on into the “design” phase. Net Present Value (NPV) - the impact on revenue compared to the produced benefits.

6.10. Scope, objectives and benefits of IT investment programs & projects

6.10.1. Current Practice in Business Case Development

6.10.2. Business Case Components

6.10.3. Business Cases as Operational Tools

6.11. Benchmarking

6.11.1. Benchmarking is a performance measurement tool. It measures performance of comparable enterprises and identifies the best practices. Allows management to measure their operations against other similar organizations. Base decisions on objective, quantifiable measures. Keep in line with competitors.

6.11.2. General 12 step approach to Benchmarking: 1. Develop senior management commitment. 2. Develop a mission statement. 3. Plan. 4. Identify customers. 5. Perform research. 6. Identify partners. 7. Develop measures. 8. Develop and administer questionnaires. 9. Scrub and analyze data. 10. Isolate best practices. 11. Conduct site visits and interviews. 12. Present findings and monitor results.

6.12. Project Management tools and techniques (non-exhaustive list)

6.12.1. Critical Path Method (CPM) example #1

6.12.2. Gantt chart example #1

6.12.3. PERT chart and CPM example #1

6.12.4. Product Breakdown Structure (PBS).

6.12.5. Resource Breakdown Structure (RBS).

6.12.6. Work Breakdown Structure (WBS).

6.13. 6 methods to cascade business and IT objectives to key personnel

6.13.1. 1. Illustrating and Quantifying the IT Strategy

6.13.2. 2. Communicating constantly

6.13.3. 3. Focus on explaining and training

6.13.4. 4. Using a participatory style of decision-making process

6.13.5. 5. Documenting operational procedures

6.13.6. 6. Benchmarking other organizations

6.14. Strategic Alignment and Roles

6.14.1. Creating and sustaining awareness of the strategic role of IT at a top management level.

6.14.2. Clarifying the role that IT should play - utility vs. enabler.

6.14.3. Creating IT guiding principles based on business culture.

6.14.4. The culture of IT should reflect the same culture as the business IT supports.

7. Domain 3: Benefits Realization

7.1. Domain 3 - CGEIT® Exam Relevance

7.1.1. The content area for Domain 3 will represent 16% of the CGEIT® examination (approximately 24 questions).

7.2. Lack of Benefits Realization

7.2.1. A 2002 Gartner survey found that 20 percent of all expenditures on IT is wasted - a finding that represents, on a global basis, an annual destruction of value totalling about US $600 billion.

7.2.2. A 2004 IBM survey of Fortune 1000 CIOs found that, on average, CIOs believe that 40 percent of all IT spending brought no return to their organisations.

7.2.3. A 2006 study conducted by The Standish Group found that only 35 percent of all IT projects succeeded while the remainder (65 percent) were either challenged or failed. See The Standish Group Report - chaos-report.

7.2.4. Cook, R.; ‘How to Spot a Failing IT Project’, CIO Magazine, 17 July 2007

7.3. Enterprise Governance of IT Focus Areas

7.3.1. Strategic alignment

7.3.2. Value delivery

7.3.3. Resource management

7.3.4. Risk management

7.3.5. Performance measurement

7.4. Val IT Framework

7.4.1. Val IT sets out good practices for the goals and objectives of IT investment, by providing enterprises with the structure they require to measure, monitor and optimise the realisation of business value from investment in IT.

7.4.2. Applied through 3 domains: Value Governance. Portfolio Management. Investment Management.

7.4.3. 6 Key Value Governance Practices: VG1: Establish informed and committed leadership. VG2: Define and implement processes. VG3: Define portfolio characteristics. VG4: Align and integrate value management with enterprise financial planning. VG5: Establish effective governance monitoring. VG6: Continuously improve value management practices.

7.5. Value Governance Practices

7.5.1. Programs are selected based not just on their desirability, but also on the enterprise’s ability to deliver them.

7.5.2. Having methodologies in place is less important than whether business managers and specialists use them.

7.5.3. Robust and realistic business cases are used and, if possible, include benefits for all stakeholders.

7.5.4. Benefits are managed over the entire investment life cycle through consistently applied practices and processes.

7.5.5. Integrated planning addresses benefit delivery as well as organizational, process and technology changes.

7.5.6. Business ownership and accountability are assigned for all benefits and changes targeted.

7.5.7. Investments and their results in terms of whether benefits are realized are systematically monitored and reviewed.

7.5.8. Lessons learned are consistently gleaned from both successful and unsuccessful programs, and used to improve the planning and management of new ones.

7.6. Investment Management

7.6.1. There are different categories of investment with differing levels of complexity and degrees of freedom in allocating funds. e.g. Innovation. Venture. Growth. Operational improvement. Operational maintenance. Mandatory investments.

7.6.2. IT Investment Objectives Transactional To cut costs or increase throughput for the same cost - faster transaction processing. Informational To provide better information support for business purposes - including to manage, control, report compliance, communicate, collaborate or analyze (e.g., a sales analysis or reporting system). Strategic To gain competitive advantage or position in the marketplace (e.g. offering a service not offered by competitors). Infrastructure The base foundation of shared IT services used by multiple applications (e.g. servers, networks, laptops, customer databases).

7.6.3. Managing IT Investments Choose Determine priorities. Cost, benefits etc. Control Continue to meet milestones. Cancel or continue. Evaluate Post implementation reviews.

7.6.4. 3 Key Components of Investment Management Business Case Essential to selecting the right investment programs and to manage them during their execution Program Management Governs all processes that support execution of the programs. Benefits Realization The set of tasks required to actively manage the realization of program benefits.

7.6.5. IT Investment Management Practices and Processes from Val IT Framework perspective. Val IT process dedicated to Investment Management: Develop and evaluate the initial program concept business case. Understand the candidate program and implementation options. Develop the program plan. Develop full life-cycle costs and benefits. Develop the detailed candidate program business case. Launch and manage the program. Update operational IT portfolios. Update the business case. Monitor and report on the program. Retire the program.

7.6.6. 2 Types of Benefits Realization. Business benefits: Contribute directly to value (an outcome that is expected to, or does, directly increase value). Intermediate benefits: Benefits that are not business benefits but might lead to business benefits, including leveraging assets, improving customer service, improving morale, or better management of information.

7.7. Portfolio Management

7.7.1. The goal of portfolio management (in relation to Val IT) is to ensure that an enterprise secures optimal value across its portfolio of IT-enabled investments.

7.8. The Business Case

7.8.1. At a minimum, the business case should include the following: The business benefits targeted, their alignment with business strategy and who in the business functions will be responsible for securing them. Business changes needed to create additional value. The investments needed to make the business changes. The investments required to change or add new IT services and infrastructure. The ongoing IT and business costs of operating in the changed way. The risks inherent in the above, including any constraints or dependencies. Who will be accountable for the successful creation of optimal value. How the investment and value creation will be monitored throughout the economic life cycle, and the metrics to be used.

7.8.2. Development of a Business Case. Step 1: Building a fact sheet with all the relevant data, followed by analysis of the data in steps 2-5. Step 2: Alignment analysis. Step 3: Financial benefits analysis. Step 4: Nonfinancial benefits analysis. Step 5: Risk analysis, resulting in step 6. Step 6: Appraisal and optimization of the risk / return of the IT-enabled investment, represented by step 7. Step 7: Structured recording of the results of the previous steps and documentation of the business case, maintained by step 8. Step 8: Review of the business case during the program execution, including the entire life cycle of the program results.

7.9. 7 Best Practices for Systems Development

7.9.1. Closely align systems projects with business goals.

7.9.2. Use systems to change the competitive landscape.

7.9.3. Leverage the strengths of existing systems.

7.9.4. Use the simplest combination of technology and business procedures to achieve as many different objectives as possible.

7.9.5. Structure the design so as to provide flexibility in the development sequence used to create the system.

7.9.6. Ensure that systems are not built with levels of complexity that exceed the organization’s capabilities.

7.9.7. Ensure that projects are not renewed using the same organizational approach or using the same systems design after it has once failed.

8. Domain 4: Risk Optimization

8.1. Domain 4 - CGEIT® Exam Relevance

8.1.1. The content area for Domain 4 will represent ... 24% of the CGEIT® examination approximately 36 questions

8.2. Risk Management

8.2.1. What is it? The (constant) process of balancing the risk associated with business activities with an adequate level of control that will enable the business to meet its objectives. Holistically covers all concepts and processes affiliated with managing risk, including: Systematic application of management policies, procedures and practices. Establishing the context. Communicating, consulting. Identifying. Analysing. Evaluating. Treating. Controlling. Monitoring. Reviewing.

8.2.2. Goal: The major goal of risk management in the decision-making process is to manage the uncertainty.

8.2.3. High Level Process Phases (Risk IT): 1. Collect Data. 2. Analyze Risk. 3. Maintain Risk Profile.

8.3. Asset risk

8.4. Hazard risk

8.5. Strategic risk

8.6. Risk Hierarchy - 4 Levels of Risk

8.6.1. Portfolio risk. Goal: Management of stakeholder perceptions that would affect the reputation of an organization. Ensuring business success of the organization. Context: business success business vitality finance core services organization / enterprise capabilities resources portfolio management

8.6.2. Program risk. Goal: Delivering business change with measurable benefits. Delivering business transformation. Delivering outcomes. Context: benefits, capabilities, programme management.

8.6.3. Project risk. Goal: Producing defined business change products within time, cost and scope constraints. Delivering outputs. Context (6 project parameters): time, budget, benefits, quality, scope, risk. Context: project management.

8.6.4. Operational risk. Goal: Maintaining business services to appropriate levels. Day-to-day management. Business as Usual (BaU). Context: reputation, volume, quality, internal control, revenue, staff, customer.

8.7. 3 domains in the Risk IT framework

8.7.1. Risk Governance

8.7.2. Risk Evaluation

8.7.3. Risk Response

8.8. IT Risk in the Risk Hierarchy (from ISACA® Risk IT™ perspective)

8.8.1. Strategic Risk

8.8.2. Environment Risk

8.8.3. Market Risk

8.8.4. Credit Risk

8.8.5. Operational Risk

8.8.6. Compliance Risk

8.8.7. IT-related Risk

8.9. Three IT Risk Categories (from ISACA® Risk IT™ perspective)

8.9.1. IT Benefit / Value Enablement, e.g.: Technology enabler for new business initiatives. Technology enabler for efficient operations. Technology enabler for higher SLAs / OLAs levels.

8.9.2. IT Programme and Project Delivery, e.g.: Project relevance / priority. Project time / budget overrun. Project quality.

8.9.3. IT Operations and Service Delivery, e.g.: IT service interruptions (SLAs / OLAs crisis). Security issues. Compliance / regulatory issues.

8.10. 3 basic types of SLAs (based on ITIL®)

8.10.1. Service based SLA: Agreement that covers one service for all the customers of that service.

8.10.2. Customer based SLA: Agreement with the individual Customer group, covering all the services they use. More flexible, better adjusted to customer’s needs but more complicated.

8.10.3. Multi-level SLA: Good for the largest organisations. The most complex, divided into levels: Corporate level. Customer level. Service level.

8.11. IT services sourcing models

8.11.1. Insourcing (Internal): Using an internal service provider to manage IT services.

8.11.2. Outsourcing (External): Using an external service provider to manage IT services.

8.11.3. Co-sourcing: Combination of insourcing and outsourcing. Other models.

8.11.4. Multi-sourcing: Formal arrangement between two or more provider organisations to work together and support one large customer (consortium).

8.11.5. Other models (selected). Business Process Outsourcing: entire business process outsourcing. Application Service Provision: providing computer-based services over a network. Knowledge Process Outsourcing: providing business and domain-based expertise. ...

8.12. Availability Management

8.12.1. Mean Time Between Service Incidents (MTBSI).

8.12.2. Mean Time Between Failures (MTBF). aka. uptime.

8.12.3. Mean Time to Restore Service (MTRS). aka. downtime.

8.12.4. Mean Time To Repair (MTTR).

8.12.5. Single Point Of Failure (SPOF).

9. Domain 5: Resource Optimization

9.1. Domain 5 - CGEIT® Exam Relevance

9.1.1. The content area for Domain 5 will represent ... 15% of the CGEIT® examination approximately 22 questions

9.2. Resource Management

9.3. 4 Critical IT Resources

9.3.1. Applications: An application system adds value through its support for business processes and interaction with people and other systems.

9.3.2. Infrastructure: IT infrastructure includes hardware (memory, CPU, storage), software, networks and controls that facilitate business activities.

9.3.3. Information: Information resources (more commonly referred to as assets) are often among the most valuable assets owned by the organization. Their confidentiality, integrity.

9.3.4. People: People make up the most critical and aspect of business operations. The enterprise requires personnel with the right skills to operate systems and support business.

9.4. IT Provisioning

9.4.1. Organizations must determine the best way to provision IT services. Internal (aka. Insourcing): Advantages. Disadvantage. External (aka. Outsourcing): Advantages. Disadvantage. Multiple Outsourcing Suppliers (aka. Multisourcing): Advantages. Disadvantage.

9.4.2. Services that are Eligible for Outsourcing (selected): Enterprise Resource Planning (ERP). Customer Relationship Management (CRM). Knowledge management and collaboration. End-user and distributed computing. Corporate platforms and data. Data networks and service. Voice networks and services. Storage. ...

9.5. Human Resource Management (HRM)

9.5.1. HR philosophies.

9.5.2. HR strategies.

9.5.3. HR policies.

9.5.4. HR processes

9.5.5. HR practices.

9.5.6. HR programs.

9.6. Value of Human Resources

9.6.1. Human capital can be regarded as the prime asset of an organization, and businesses need to invest in people to ensure business survival and growth.

9.6.2. Aims to ensure that the enterprise obtains and retains the skilled, committed and well motivated workforce it needs. Motivating IT professionals to increase productivity and reduce turnover involves a number of factors that IT managers need to manage.

9.6.3. It means engaging in talent management - the process of acquiring and nurturing talent.

9.7. 7 key factors to increase productivity and help reduce IT staff turnover

9.7.1. Provide strong leadership especially during times of change.

9.7.2. Provide staff with development plans & a clearly defined career path.

9.7.3. Allow people to learn new technologies.

9.7.4. Ask staff what they want.

9.7.5. Give staff resources / support to do their job.

9.7.6. Be competitive in salary / benefits.

9.7.7. Ensure staff perceive job as meaningful.

9.8. Cost-benefit Analysis (CBA)

9.8.1. Compares the costs with the benefits of the IT-enabled investment that can be directly and indirectly attributed to the investment.

9.8.2. Techniques (selected): Payback period. Net present value analysis (NPV) / Internal rate of return (IRR). Return on investment (ROI). Return on security investment (ROSI). Breakeven analysis.

9.9. Nonfinancial Cost Benefit Analysis (nCBA)

9.9.1. Involves a comparative examination of the costs and benefits of a project by using some surrogate measure for intangible costs or benefits that can be expressed in monetary terms.

9.9.2. For example, where the aim is to increase customer satisfaction, the benefit may be expressed in terms of reducing the cost of returned products and reducing the number of customer complaints.

10. Roles and Responsibilities

10.1. Board

10.2. Chief Executive Officer (CEO)

10.2.1. important on exam!

10.3. Chief Financial Officer (CFO)

10.3.1. important on exam!

10.4. Chief Risk Officer (CRO)

10.4.1. important on exam!

10.5. Chief Security Officer (CSO)

10.6. Chief Operating Officer (COO)

10.6.1. important on exam!

10.7. Chief Information Officer (CIO)

10.7.1. important on exam!

10.8. Chief Information Risk Officer (CIRO)

10.9. Chief Information Security Officer (CISO)

10.10. Business Executive

10.11. Business Process Owner

10.12. Strategy Committee (IT Executive)

10.13. IT Steering Committee

10.13.1. important on exam!

10.14. Project and Programme Steering Committees

10.15. Architecture Board

10.16. Enterprise Risk Committee

10.17. Head of HR

10.18. Compliance

10.19. Audit

10.20. Head of Architecture

10.21. Head of Development

10.22. Head of IT Operations

10.23. Head of IT Administration

10.24. Programme and Project Management Office (PMO)

10.24.1. important on exam!

10.25. Value Management Office (VMO)

10.26. Service Manager

11. CGEIT® Official website


12. Official Recommended exam study materials

12.1. Glossary


12.2. Development Guides

12.2.1. ISACA® CGEIT® QAE Item Development Guide

12.2.2. ISACA® CGEIT® Item Development Guide

12.3. ISACA® CGEIT® Review Manual 2015


12.4. ISACA® CGEIT® Review Questions, Answers & Explanations Manual 2015 Supplement


12.5. ISACA® CGEIT® Review Questions, Answers & Explanations Manual 2015


13. Interactive Glossary

13.1. Interactive CGEIT® Glossary

14. This freeware mind map (aligned with the newest version of the CGEIT® exam) was carefully hand crafted with passion and love for learning and constant improvement, as well as for promotion of the CGEIT® qualification and as a learning tool for candidates wanting to gain the CGEIT® qualification. (Please share, like and give feedback - your feedback and comments are my main motivation for further elaboration. THX!)

14.1. Questions / issues / errors? What do you think about my work? Your comments are highly appreciated. Feel free to visit my website:






14.1.6. miroslaw_dabrowski