What Is CGEIT Certification, and Do You Need It?

A predominant challenge in global cyber risk assessments, 41 percent of enterprises ranked the time required as a predominant challenge, according to a 2023 Statista survey. Insufficient personnel for assessments is the second notable hurdle, cited by 38 percent of survey respondents [1].

If you are a security professional, acquiring CGEIT certification will validate your expertise. It shows clients and potential employers that you have developed a high skill level in risk optimization, resource management, benefits realization, and enterprise IT governance. 

Read on to acquaint yourself with the CGEIT exam, including its application process.

What is CGEIT certification?

Certified in the Governance of Enterprise IT (CGEIT) holds the distinction of being the only credential of its kind geared toward individuals. ISACA, formerly identified as the Information Systems Audit and Control Association, awards this credential and provides materials and resources to help you get ready for the exam. You can opt to take the CGEIT exam in English or Chinese Simplified [2].

Who should attempt the CGEIT exam?

The CGEIT certification is ideal for professionals with experience working within IT governance and ensuring that their organizations prioritize it from the top down. This could be a valuable certification if you have the knowledge and experience and want to gain a credential that attests to your understanding of the relevant principles and practices.  

As a governance or assurance professional, the CGEIT certification, among other things, helps your organization pinpoint potential business disruptions.

Eligibility criteria

To meet the criteria for the CGEIT exam, you will need at least five years of experience in an advisory role, which will require your active contribution to IT governance within an organization [2]. Although ISACA has strict requirements regarding experience, it does provide an allowance for experience waivers, which is capped at one year [2]. 

What's on the CGEIT exam?

The CGEIT exam includes 150 multiple-choice questions to assess your knowledge and expertise across four domains [3]:

1. Governance of enterprise IT (40 percent)

2. IT resources (15 percent)

3. Benefits realization (26 percent)

4. Risk optimization (19 percent)

You will have four hours (240 minutes) to complete your CGEIT exam [2]. 

How much is the CGEIT exam?

The CGEIT exam fee differs for ISACA members and non-members. In 2024, the exam fee, which is not eligible for any refunds and cannot be transferred, is [4]:

• Member: $575

• Non-member: $760

The CGEIT exam registration is ongoing, allowing you to register anytime without restrictions. Upon registering, you receive a 12-month eligibility period to complete your CGEIT exam [4].

How to register for the CGEIT exam?

Enrolling for the exam is an online process that entails logging in or creating an ISACA account. After completing the registration and payment, ISACA will email you all the details you need to schedule your exam appointment within one business day. It also gives you instructions on requesting any special accommodations you may need.

ISACA conducts CGEIT certification exams using computer-based testing, with options for candidates to take the exams at authorized PSI testing centers worldwide or remotely through proctoring. Once you've paid for exam registration, you can schedule a testing appointment in as little as 48 hours [2].

Benefits of being CGEIT certified

Besides adding to your skills, obtaining the CGEIT certification benefits you in the following ways:

• Organizations and governmental agencies around the world recognize the CGEIT certification.

• With accreditation from the American National Standards Institute (ANSI), earning and maintaining an ISACA certification is important in the hiring process.

• According to ISACA [4], 70 percent of CGEIT-certified professionals saw job improvements, and 22 percent received a pay increase. 

What salary could you earn with the CGEIT certification?

According to Payscale, the CGEIT certification allows for an annual average base salary of $139,000 [5]. While that average provides a general idea of your potential earnings, your salary will vary depending on your specific role. 

Job roles you can attain with CGEIT

Provided you have the required experience, the following are a few notable job roles you can target with CGEIT, along with the average base salary of each according to February 2024 data [5]:

• IT director: $143,803

• Risk manager: $140,127

• Chief risk officer: $198,163

• Cybersecurity engineer: $114,125

• Information security analyst: $126,429

Training for CGEIT exam

ISACA provides a diverse set of resources for CGEIT exam preparation. Let's explore these resources below:

1. CGEIT Review Manual

The CGEIT Review Manual, 8th Edition, helps you understand the responsibilities of governing enterprise IT (GEIT). The manual is a detailed digital reference guide reviewed by subject matter experts actively engaged in GEIT worldwide. As for pricing, the manual is available at $109 and $139 for members and non-members, respectively [7]. You may also choose to buy a print version of the manual. 

2. CGEIT Questions, Answers, and Explanations Database

The CGEIT Questions, Answers, and Explanations Database offers a comprehensive 300-question pool, including items from the CGEIT Questions, Answers, and Explanations Manual, 5th Edition [8]. Accessible through ISACA PERFORM, a web-based platform, the database allows you to log in from anywhere—all you need is access to the internet. The database is priced at $299 for members and $399 for non-members of ISACA [8].

3. CGEIT community 

Whether you have specific questions about exam content, study strategies, or general insights into the CGEIT domain, ISACA’s online community, called Engage, lets you connect with peers, enhancing your overall exam preparation experience.

How to maintain your CGEIT certification

To sustain your CGEIT certification, you must earn a minimum of 20 continuing professional education (CPE) credits each year, totaling 120 CPEs over three years [9]. 

You may earn your CPEs in numerous ways, including:  

• Attending ISACA conferences (32 CPEs) 

• Engaging in training courses and skills-based labs (32 CPEs per course)

• Signing up for webinars and online training (36 CPEs per year)

• Volunteering with ISACA (20 CPEs per year)

• Participating in educational events with One In Tech

• Indulging in on-demand learning  (28 CPEs per course)

The annual maintenance fee for CGEIT is $45 for members and $85 for non-members [9]. As part of the maintenance, you must also adhere to ISACA’s Code of Professional Ethics and submit to an audit of your CPEs if selected. ISACA selects its auditees randomly, regardless of the reported number or category of CPE. 

Learn more with Coursera

Delve deeper into the principles of GEIT with the Risk Governance: Manage the Risks course offered by Macquarie University and available on Coursera. This course includes video lectures, quizzes, discussion prompts, and written assessments focusing on helping you build a sound governance structure and comprehensive risk management framework. This beginner-friendly option typically takes approximately 23 hours to complete.