ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )

Transcription

1

2 ISACA Pasitikėjimas informacinėmis sistemomis ir jų nauda Certification Details for Certified in the Governance of Enterprise IT (CGEIT ) Dainius Jakimavičius, CGEIT ISACA Lietuva tyrimų ir metodikos koordinatorius Matematikos mokslų daktaras Lietuvos Respublikos valstybės kontrolės Informacinių sistemų ir infrastruktūros audito departamento direktorius

3 Market need for CGEIT Individual Defines the roles and responsibilities of professionals performing IT governance work and recognizes their professional knowledge and competencies; skill-sets; abilities and experiences Enterprise Supports through the demonstration of a visible commitment to excellence in IT governance practices Business Increases the awareness of IT governance good practices and issues Profession Supports those that provide IT governance management, advisory or assurance direction and strategy

4 CGEIT: Who is it for? The CGEIT certification is intended to recognize a wide range of professionals for their knowledge and application of IT governance principles and practices. It is designed for professionals who have management, advisory, or assurance responsibilities as defined by the CGEIT Job Practice consisting of IT governance related task and knowledge statements.

5 CGEITs in the Workplace Nearly 400 are employed in organizations as the CEO, CFO or equivalent executive position. Almost 200 serve as chief audit executives, audit partners or audit heads. Over 500 serve as CIOs, CISOs, or chief compliance, risk or privacy officers. More than 600 are employed as security directors, managers or consultants and related staff. Over 1,200 are employed as IT directors, managers, consultants and related staff. More than 950 serve as audit directors, managers or consultants and related staff. Over 650 are employed in managerial, consulting or related positions in IT operations or compliance.

6 CGEITs By Geographical Area

7 CGEIT Job Practice (effective June 2013) 1. Framework for the Governance of Enterprise IT (25%) Ensure the definition, establishment, and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise. 2. Strategic Management (20%) Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans. 3. Benefits Realization (16%) Ensure that IT-enabled investments are managed to deliver optimized business benefits and that benefit realization outcome and performance measures are established, evaluated and progress is reported to key stakeholders.

8 CGEIT Job Practice Areas (effective June 2013, continued) 4. Risk Optimization (24%) Ensure that an IT risk management frameworks exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework. 5. Resource Optimization (15%) Ensure the optimization of IT resources including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives. For more details visit

9 Domain 1: Framework for the Governance of Enterprise IT 1. Ensure that a framework for the governance of enterprise IT is established and enables the achievement of enterprise goals and objectives to create stakeholder value, taking into account benefits realization, risk optimization, and resource optimization. (EDM01, APO01) 2. Identify the requirements and objectives for the framework for the governance of enterprise IT incorporating input from enablers such as principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies. (EDM01, APO01) 3. Ensure that the framework for the governance of enterprise IT addresses applicable internal and external requirements (for example, principles, policies and standards, laws, regulations, service capabilities and contracts). (EDM01-05, APO01-02, MEA02-03, APO08-10)

10 Domain 1: Framework for the Governance of Enterprise IT 4. Ensure that strategic planning processes are incorporated into the framework for the governance of enterprise IT. (APO02) 5. Ensure the incorporation of enterprise architecture (EA) into the framework for the governance of enterprise IT in order to optimize ITenabled business solutions. (APO03) 6. Ensure that the framework for the governance of enterprise IT incorporates comprehensive and repeatable processes and activities. (EDM01, APO01) 7. Ensure that the roles, responsibilities and accountabilities for information systems and IT processes are established. (APO01; all COBIT processes; RACI guidance) 8. Ensure issues related to the framework for the governance of enterprise IT are reviewed, monitored, reported and remediated. (MEA01-03)

11 Domain 1: Framework for the Governance of Enterprise IT 9. Ensure that organizational structures are in place to enable effective planning and implementation of IT-enabled business investments. (APO01; all COBIT processes; RACI guidance) 10. Ensure the establishment of a communication channel to reinforce the value of the governance of enterprise IT and transparency of IT costs, benefits and risk throughout the enterprise. (EDM05, APO08) 11. Ensure that the framework for the governance of enterprise IT is periodically assessed, including the identification of improvement opportunities. (EDM05, MEA01-03)

12 Domain 2: Strategic Management 1. Evaluate, direct and monitor IT strategic planning processes to ensure alignment with enterprise goals. (EDM02-05, APO02) 2. Ensure that appropriate policies and procedures are in place to support IT and enterprise strategic alignment. (All COBIT processes) 3. Ensure that the IT strategic planning processes and related outputs are adequately documented and communicated. (APO02) 4. Ensure that enterprise architecture (EA) is integrated into the IT strategic planning process. (APO03) 5. Ensure prioritization of IT initiatives to achieve enterprise objectives. (EDM02-05; APO05 ) 6. Ensure that IT objectives cascade into clear roles, responsibilities and actions of IT personnel. (APO domain processes)

13 Domain 3: Benefits Realization 1. Ensure that IT-enabled investments are managed as a portfolio of investments. (EDM02-05; APO05 ) 2. Ensure that IT-enabled investments are managed through their economic life cycle to achieve business benefit. (EDM02, EDM05, APO05, MEA01-03, BAI05, BAI01) 3. Ensure business ownership and accountability for IT-enabled investments are established. (EDM02, APO05, APO08-09) 4. Ensure that IT investment management practices align with enterprise investment management practices. (APO05-06) 5. Ensure that IT-enabled investment portfolios, IT processes and IT services are evaluated and benchmarked to achieve business benefit. (APO05, APO09, MEA01)

14 Domain 3: Benefits Realization 6. Ensure that outcome and performance measures are established and evaluated to assess progress towards the achievement of enterprise and IT objectives. (MEA01, EDM05 ) 7. Ensure that outcome and performance measures are monitored and reported to key stakeholders in a timely manner. (EDM05, MEA01) 8. Ensure that improvement initiatives are identified, prioritized, initiated and managed based on outcome and performance measures. (APO11, MEA01, APO04, depends on how improvement' is defined)

15 Domain 4: Risk Optimization 1. Ensure that comprehensive IT risk management processes are established to identify, analyze, mitigate, manage, monitor, and communicate IT risk. (EDM03, APO12) 2. Ensure that legal and regulatory compliance requirements are addressed through IT risk management. (EDM03, MEA03, APO12, BAI01) 3. Ensure that IT risk management is aligned with the enterprise risk management (ERM) framework. (APO12) 4. Ensure appropriate senior level management sponsorship for IT risk management. (EDM03, APO12) 5. Ensure that IT risk management policies, procedures and standards are developed and communicated. (EDM03, APO12) 6. Ensure the identification of key risk indicators (KRIs). (APO12) 7. Ensure timely reporting and proper escalation of risk events and responses to appropriate levels of management. (EDM03, APO12, MEA02, EDM05)

16 Domain 5: Resource Optimization 1. Ensure that processes are in place to identify, acquire and maintain IT resources and capabilities (i.e., information, services, infrastructure and applications, and people). (APO01 & most other APO domain processes) 2. Evaluate, direct and monitor sourcing strategies to ensure existing resources are taken into account to optimize IT resource utilization. (EDM04-05 ) 3. Ensure the integration of IT resource management into the enterprise s strategic and tactical planning. (MEA01-03, EDM05, BAI01, APO05-06) 4. Ensure the alignment of IT resource management processes with the enterprise s resource management processes. (EDM04, APO09, APO10, APO06)

17 Domain 5: Resource Optimization 5. Ensure that a resource gap analysis process is in place so that IT is able to meet strategic objectives of the enterprise. (MEA01-03, EDM05) 6. Ensure that policies exist to guide IT resource sourcing strategies that include service level agreements (SLAs) and changes to sourcing strategies. (EDM04, APO09, APO10) 7. Ensure that policies and processes are in place for the assessment, training and development of staff to address enterprise requirements and personal/professional growth. (APO07)

18 CGEIT Experience Requirements (For those testing June 2013 and forward) Earn a passing score on the CGEIT exam Submit verified evidence of the five years experience requirements as defined by the CGEIT Job Practice Submit the CGEIT application and receive approval Adhere to the ISACA Code of Professional Ethics Comply with the CGEIT Continuing Education Policy More information may be found at

19 Ačiū už dėmesį!