Presentation "Certification details for Certified in the Governance of Enterprise IT" given at the BKA event "How to become leaders in IT governance, security and audit?". The event took place on 18 April 2013.
CGEIT certification
2. Certification Details for Certified in the Governance of Enterprise IT (CGEIT)
ISACA®
Trust in information systems and the value they deliver
Dainius Jakimavičius, CGEIT
Research and methodology coordinator, ISACA Lietuva
Doctor of Mathematical Sciences
Director of the Information Systems and Infrastructure Audit Department, National Audit Office of the Republic of Lithuania (Lietuvos Respublikos valstybės kontrolė)
3. Market need for CGEIT
• Individual: defines the roles and responsibilities of professionals performing IT governance work and recognizes their professional knowledge, competencies, skill sets, abilities and experience
• Enterprise: supports the enterprise through the demonstration of a visible commitment to excellence in IT governance practices
• Business: increases the awareness of IT governance good practices and issues
• Profession: supports those who provide IT governance management, advisory or assurance direction and strategy
4. CGEIT: Who is it for?
The CGEIT certification is intended to recognize a wide range of professionals for their knowledge and application of IT governance principles and practices. It is designed for professionals who have management, advisory, or assurance responsibilities as defined by the CGEIT Job Practice, which consists of IT governance related task and knowledge statements.
5. CGEITs in the Workplace
• Nearly 400 are employed in organizations as the CEO, CFO or equivalent executive position.
• Almost 200 serve as chief audit executives, audit partners or audit heads.
• Over 500 serve as CIOs, CISOs, or chief compliance, risk or privacy officers.
• More than 600 are employed as security directors, managers or consultants and related staff.
• Over 1,200 are employed as IT directors, managers, consultants and related staff.
• More than 950 serve as audit directors, managers or consultants and related staff.
• Over 650 are employed in managerial, consulting or related positions in IT operations or compliance.
7. CGEIT Job Practice (effective June 2013)
1. Framework for the Governance of Enterprise IT (25%)
Ensure the definition, establishment, and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise.
2. Strategic Management (20%)
Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.
3. Benefits Realization (16%)
Ensure that IT-enabled investments are managed to deliver optimized business benefits, that benefit realization outcome and performance measures are established and evaluated, and that progress is reported to key stakeholders.
8. CGEIT Job Practice Areas (effective June 2013, continued)
4. Risk Optimization (24%)
Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
5. Resource Optimization (15%)
Ensure the optimization of IT resources, including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives.
For more details visit www.isaca.org/cgeitjobpractice
9. Domain 1: Framework for the Governance of Enterprise IT
1. Ensure that a framework for the governance of enterprise IT is established and enables the achievement of enterprise goals and objectives to create stakeholder value, taking into account benefits realization, risk optimization, and resource optimization. (EDM01, APO01)
2. Identify the requirements and objectives for the framework for the governance of enterprise IT, incorporating input from enablers such as principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies. (EDM01, APO01)
3. Ensure that the framework for the governance of enterprise IT addresses applicable internal and external requirements (for example, principles, policies and standards, laws, regulations, service capabilities and contracts). (EDM01-05, APO01-02, MEA02-03, APO08-10)
10. Domain 1: Framework for the Governance of Enterprise IT (continued)
4. Ensure that strategic planning processes are incorporated into the framework for the governance of enterprise IT. (APO02)
5. Ensure the incorporation of enterprise architecture (EA) into the framework for the governance of enterprise IT in order to optimize IT-enabled business solutions. (APO03)
6. Ensure that the framework for the governance of enterprise IT incorporates comprehensive and repeatable processes and activities. (EDM01, APO01)
7. Ensure that the roles, responsibilities and accountabilities for information systems and IT processes are established. (APO01; all COBIT processes; RACI guidance)
8. Ensure that issues related to the framework for the governance of enterprise IT are reviewed, monitored, reported and remediated. (MEA01-03)
11. Domain 1: Framework for the Governance of Enterprise IT (continued)
9. Ensure that organizational structures are in place to enable effective planning and implementation of IT-enabled business investments. (APO01; all COBIT processes; RACI guidance)
10. Ensure the establishment of a communication channel to reinforce the value of the governance of enterprise IT and the transparency of IT costs, benefits and risk throughout the enterprise. (EDM05, APO08)
11. Ensure that the framework for the governance of enterprise IT is periodically assessed, including the identification of improvement opportunities. (EDM05, MEA01-03)
12. Domain 2: Strategic Management
1. Evaluate, direct and monitor IT strategic planning processes to ensure alignment with enterprise goals. (EDM02-05, APO02)
2. Ensure that appropriate policies and procedures are in place to support IT and enterprise strategic alignment. (All COBIT processes)
3. Ensure that the IT strategic planning processes and related outputs are adequately documented and communicated. (APO02)
4. Ensure that enterprise architecture (EA) is integrated into the IT strategic planning process. (APO03)
5. Ensure prioritization of IT initiatives to achieve enterprise objectives. (EDM02-05; APO05)
6. Ensure that IT objectives cascade into clear roles, responsibilities and actions of IT personnel. (APO domain processes)
13. Domain 3: Benefits Realization
1. Ensure that IT-enabled investments are managed as a portfolio of investments. (EDM02-05; APO05)
2. Ensure that IT-enabled investments are managed through their economic life cycle to achieve business benefit. (EDM02, EDM05, APO05, MEA01-03, BAI05, BAI01)
3. Ensure that business ownership and accountability for IT-enabled investments are established. (EDM02, APO05, APO08-09)
4. Ensure that IT investment management practices align with enterprise investment management practices. (APO05-06)
5. Ensure that IT-enabled investment portfolios, IT processes and IT services are evaluated and benchmarked to achieve business benefit. (APO05, APO09, MEA01)
14. Domain 3: Benefits Realization (continued)
6. Ensure that outcome and performance measures are established and evaluated to assess progress towards the achievement of enterprise and IT objectives. (MEA01, EDM05)
7. Ensure that outcome and performance measures are monitored and reported to key stakeholders in a timely manner. (EDM05, MEA01)
8. Ensure that improvement initiatives are identified, prioritized, initiated and managed based on outcome and performance measures. (APO11, MEA01, APO04; depends on how 'improvement' is defined)
15. Domain 4: Risk Optimization
1. Ensure that comprehensive IT risk management processes are established to identify, analyze, mitigate, manage, monitor, and communicate IT risk. (EDM03, APO12)
2. Ensure that legal and regulatory compliance requirements are addressed through IT risk management. (EDM03, MEA03, APO12, BAI01)
3. Ensure that IT risk management is aligned with the enterprise risk management (ERM) framework. (APO12)
4. Ensure appropriate senior-level management sponsorship for IT risk management. (EDM03, APO12)
5. Ensure that IT risk management policies, procedures and standards are developed and communicated. (EDM03, APO12)
6. Ensure the identification of key risk indicators (KRIs). (APO12)
7. Ensure timely reporting and proper escalation of risk events and responses to appropriate levels of management. (EDM03, APO12, MEA02, EDM05)
16. Domain 5: Resource Optimization
1. Ensure that processes are in place to identify, acquire and maintain IT resources and capabilities (i.e., information, services, infrastructure and applications, and people). (APO01 and most other APO domain processes)
2. Evaluate, direct and monitor sourcing strategies to ensure that existing resources are taken into account to optimize IT resource utilization. (EDM04-05)
3. Ensure the integration of IT resource management into the enterprise's strategic and tactical planning. (MEA01-03, EDM05, BAI01, APO05-06)
4. Ensure the alignment of IT resource management processes with the enterprise's resource management processes. (EDM04, APO09, APO10, APO06)
17. Domain 5: Resource Optimization (continued)
5. Ensure that a resource gap analysis process is in place so that IT is able to meet the strategic objectives of the enterprise. (MEA01-03, EDM05)
6. Ensure that policies exist to guide IT resource sourcing strategies, including service level agreements (SLAs) and changes to sourcing strategies. (EDM04, APO09, APO10)
7. Ensure that policies and processes are in place for the assessment, training and development of staff to address enterprise requirements and personal/professional growth. (APO07)
18. CGEIT Experience Requirements (for those testing June 2013 and forward)
• Earn a passing score on the CGEIT exam
• Submit verified evidence of the five years of experience required by the CGEIT Job Practice
• Submit the CGEIT application and receive approval
• Adhere to the ISACA Code of Professional Ethics
• Comply with the CGEIT Continuing Education Policy
More information may be found at www.isaca.org/cgeitrequirements
19. Thank you for your attention!
More information about the ISACA certification training courses on offer can be found at www.bka.lt
Contact us by phone at 8 5 2780502 or by e-mail at mokymai@bka.lt