CGEIT Preparation Tips and the Timelessness of Good Governance

Author: Jason Kang, CISA, CGEIT, CCSP, CISSP, CDPSE
Date Published: 24 September 2020

My preparation for the CGEIT certification exam took about five months of self-study, deep-dive research on the weekends and answering practice questions. I was the highest scorer on the exam last year. Here are some tips for preparing for the CGEIT that might work for you.

Think Like A Senior Technology Executive
Preparation is all about understanding the big picture like a senior leader in an organization would – like a CIO, CTO or managing director. How does an organization plan for change? Who makes (or has the right to make) decisions? What is the best way to organize a project? How do we measure value from investments in IT? Indeed, many of the concepts are best learned through direct experience advising, consulting, or directing, but there is also a large body of literature available as these are common business challenges that are not necessarily exclusive to IT. Put another way, there is plenty of room to grow professionally, and ample direction to prepare. The right mindset is key.

Learn Governance of Enterprise IT Foundations 
The domain areas of the CGEIT® reflect the broad scope that makes this certification especially challenging for people who may be more comfortable with technical concerns versus big-picture ideas.

  • Governance of Enterprise IT
  • IT Resources
  • Benefits Realization
  • Risk Optimization

My preparation started with the CGEIT Review Manual to understand the basics. Within the manual, I paid attention to the content but even more to the resources referenced. For example, I reviewed ISACA resources such as the Risk IT Framework and VAL IT Framework. I also researched publications like the NIST Enterprise Architecture model, which is foundational to understanding how the discrete pieces, for example technology that supports business processes, should fit together as part of a whole. I came back to the RACI charts regarding roles and responsibilities and Balanced Scorecard multiple times, as this was quite important to understand. 

These are just a few examples, but as a whole, I viewed the manual as a starting point to deeper research.    

Reinforce Learning From Thought Leaders
The key is to think about how the concepts relate to scenarios you may have or potentially will encounter as an IT governance professional. 

There is never a perfect solution, but there is always a best answer (or least bad decision!). There is little need to reinvent the wheel since there are ample frameworks out there that have stood the test of time, and good resources from people who have done it before. Outside of ISACA materials, I read up on books published by thought leaders to get insight on best practices on how risk is managed, organizational decision-making, strategic planning and other topics. These books provided richness to the concepts, and helped inspire thinking about the real-world challenges that governance of enterprise IT addresses:

  • IT Governance: How Top Performers Manage IT Decision Rights for Superior Results by Peter Weill & Jeanne W. Ross
  • Turning Business Threats into Competitive Advantage by George Westerman & Richard Hunter
  • World Class IT: Why Businesses Succeed When IT Triumphs by Peter A. High

Further research led me to resources from the MIT Center for Information Systems Research, which publishes case studies on information and technology governance challenges facing various businesses.   

Practice, Practice, Practice (Questions)
Lastly, test your knowledge.

I practiced taking test questions using the CGEIT Review Questions, Answers, and Explanations Manual in 50-question blocks with a timer. I then came back to questions I got wrong and did additional research in those domains to make sure I corrected wrong assumptions (there were many!). My goal was to score at least 80% during each practice run. I also tabulated the number of wrong answers in each domain to understand my weak spots, and reviewed those topics in detail. Thankfully, there are test engines now available to provide this type of data analysis for you as well as question banks; I would certainly recommend exploring those.   

Closing Thoughts ... Good Governance Is Timeless

To share some of my closing thoughts, I felt the exam did a satisfactory job of assessing whether the candidate had sufficient experience. I could see how my experience informed my interest toward the CGEIT. I always wanted to revisit “the why and how” of enterprise IT, especially due to recent innovations in technology and their collective impact on financial services. For example, in the world of banking, there is a rich ecosystem of financial technology providing new opportunities and associated risks. In my view, the greatest challenges (even in technical areas) lean toward the organizational, and that’s when good governance matters most. Prudently balancing risk-taking with reward, managing the pace of sometimes radical change, obtaining value from strategic investments, and responsibly meeting expectations of customers, investors, regulators, and the public are a deeply challenging balancing act. To that end, better governance is always a timeless topic, and a worthwhile challenge for those who are equipped to meet it.

About the author: Jason Kang is a federal banking regulator in the United States, Office of the Comptroller of the Currency (OCC), an independent agency of the U.S. Department of the Treasury. He has spent many years of his career in public service focused on banking supervision as a subject matter expert in technology and operational risk. He lives in Edison, New Jersey. All thoughts and views expressed are solely the author’s, and do not represent the positions of the OCC or the United States Government. 
