1. CGEIT Exam Passing Principles
2. The job profile of the CGEIT® (Certified in the Governance of Enterprise IT) published in 2008 is the consistent enhancement of the initiative started in the area of IT governance: at that time, the IT Governance Institute was founded and the first COBIT® version published as a synthesis of more than 30 national and international standards. The manifold, since then published ITGI documents, covering all aspects of IT governance, as well as the numerous certified CGEIT®s reflect the relevance of the consistent expansion of governance in information technology.
2.1. Covers
2.1.1. It covers 5 domains, 32 tasks and 51 knowledge statements (statements covering the required technical knowledge).
2.2. Designation
2.2.1. The CGEIT® certification / designation reflects a solid achievement record in IT governance and in topics such as strategic direction, value creation, risk management, resources management and measurement in information technology.
2.3. The CGEIT® job profile was first published in 2008, and CGEIT® job description has been adapted for the exam in 2013.
3. Overview of the CGEIT® certification
3.1. About the CGEIT® exam
3.1.1. CGEIT® exam questions are developed with the intent of measuring and testing practical knowledge and the application of general concepts and standards.
3.1.2. PBE & CBE (only pencil & eraser are allowed).
3.1.2.1. PBE - Paper based exam.
3.1.2.2. CBE - Closed book exam.
3.1.3. 4 hour exam.
3.1.4. 150 multiple choice questions designed with one best answer.
3.1.4.1. Several questions (about 10) are based on small scenarion
3.1.5. No negative points.
3.1.6. Pre-requisite for exam:
3.1.6.1. none
3.1.7. Pre-requisite for certification:
3.1.7.1. Read CGEIT® Application Form
3.1.7.1.1. http://www.isaca.org/Certification/CRISC-Certified-in-Risk-and-Information-Systems-Control/Documents/CRISC-Application.pdf
4. CGEIT® Official website
4.1. http://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-Enterprise-IT/Pages/default.aspx
5. Official Recommended exam study materials
5.1. Glossary
5.1.1. http://www.isaca.org/Knowledge-Center/Documents/Glossary/cgeit_glossary.pdf
5.2. Development Guides
5.2.1. ISACA® CGEIT® QAE Item Development Guide
5.2.1.1. http://www.isaca.org/Certification/Write-an-Exam-Question/Documents/CGEIT-QAE-Item-Development-Guide.pdf
5.2.2. ISACA® CGEIT® Item Development Guide
5.2.2.1. http://www.isaca.org/Certification/Write-an-Exam-Question/Documents/CGEIT-Item-Development-Guide-2013.pdf
5.3. ISACA® CGEIT® Review Manual 2015
5.3.1. https://www.isaca.org/bookstore/Pages/Product-Detail.aspx?Product_code=CGM15
5.4. ISACA® CGEIT® Review Questions, Answers & Explanations Manual 2015 Supplement
5.4.1. https://www.isaca.org/bookstore/Pages/Product-Detail.aspx?Product_code=CGQ15ES
5.5. ISACA® CGEIT® Review Questions, Answers & Explanations Manual 2015
5.5.1. https://www.isaca.org/bookstore/Pages/Product-Detail.aspx?Product_code=CGQ15
6. This freeware mind map (aligned with the newest version of CGEIT® exam) was carefully hand crafted with passion and love for learning and constant improvement as well for promotion the CGEIT® qualification and as a learning tool for candidates wanting to gain CGEIT® qualification. (please share, like and give feedback - your feedback and comments are my main motivation for further elaboration. THX!)
6.1. Questions / issues / errors? What do you think about my work? Your comments are highly appreciated. Feel free to visit my website: www.miroslawdabrowski.com
6.1.1. http://www.miroslawdabrowski.com
6.1.2. http://www.linkedin.com/in/miroslawdabrowski
6.1.3. https://www.google.com/+MiroslawDabrowski
6.1.4. https://play.spotify.com/user/miroslawdabrowski/
6.1.5. https://twitter.com/mirodabrowski
6.1.6. miroslaw_dabrowski
7. Domain 1: Framework for the Governance of Enterprise IT
7.1. Domain 1 - CGEIT® Exam Relevance
7.1.1. The content area for Domain 1 will represent ...
7.1.1.1. 25% of the CGEIT® examination
7.1.1.2. approximately 38 questions
7.2. Benefits of IT Governance (ITG)
7.2.1. Better customer support.
7.2.2. Transformation of business to leverage technology.
7.2.3. Process Improvement.
7.2.4. Better oversight of IT investment by management.
7.2.5. Enterprise-wide consistency in IT technology, processes and procurement.
7.3. IT Governance (ITG)
7.3.1. 3 Key requirements
7.3.1.1. It must be positioned as an integral part of the enterprise governance framework.
7.3.1.2. There must be clear definitions of roles and responsibilities.
7.3.1.3. There must be an ongoing implementation and continuity plan.
7.3.2. 5 Focus areas
7.3.2.1. Strategic alignment
7.3.2.1.1. Focuses on aligning with the business and collaborative solutions.
7.3.2.2. Value delivery
7.3.2.2.1. Concentrates on optimizing expenses and proving the value of IT.
7.3.2.3. Risk management
7.3.2.3.1. Addresses the safeguarding of IT assets, disaster recovery and continuity of operations.
7.3.2.4. Resource management
7.3.2.4.1. Optimizes knowledge and IT Infrastructure.
7.3.2.5. Performance measurement
7.3.2.5.1. Tracks project delivery and monitoring of IT services.
7.3.3. 3 Critical foundations
7.3.3.1. Leadership.
7.3.3.2. Structure or mechanisms.
7.3.3.3. Processes.
7.3.3.4. The presence of all three elements is required. IT Governance would be ineffective or compromised if any one were missing.
7.3.4. Scope of IT Governance
7.3.4.1. Setting objectives.
7.3.4.2. Providing direction.
7.3.4.3. Evaluating the evaluation of performance.
7.3.4.4. Translating the strategic direction into action.
7.3.4.5. Measuring and reporting on performance.
7.3.5. Steps to Implement IT Governance (generic)
7.3.5.1. 1. Define the meaning of governance in the organization.
7.3.5.2. 2. Identify constraints and enablers.
7.3.5.3. 3. Achieve a broad understanding of IT Governance issues and benefits
7.3.5.4. 4. Agree, publish and gain acceptance of IT Governance framework, tools, processes.
7.3.5.5. 5. Creation of a Project Initiation Document (PID) / Terms of Reference (ToR)
7.3.5.6. 6. Create a Project Plan
7.3.5.7. 7. Identify and commit resources.
7.3.5.8. 8. Identify and sign off on KPIs and Critical Success Factors (CSFs).
7.3.5.9. 9. Align with the business objectives.
7.3.6. External resources
7.3.6.1. IT Governance - Developing a successful governance strategy. A Best Practice guide for decision makers in IT
7.3.6.1.1. https://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-Enterprise-IT/Prepare-for-the-Exam/Study-Materials/Documents/Developing-a-Successful-Governance-Strategy.pdf
7.4. 9 Rules for Better Governance
7.4.1. 1. Define business goals and IT goals.
7.4.2. 2. Define IT Governance processes correctly.
7.4.3. 3. Set up clear IT organizational & decision structure.
7.4.4. 4. Involve executives and board of directors.
7.4.5. 5. Manage roles & responsibilities.
7.4.6. 6. Have working IT steering and IT strategy committees.
7.4.7. 7. Manage & align the IT investment portfolio.
7.4.8. 8. Use performance measurement tools.
7.4.9. 9. Set up support communication and awareness mechanisms.
7.5. Techniques for IT Strategy
7.5.1. PESTLE Analysis
7.5.1.1. PESTLE is a mnemonic which in its expanded form denotes P for Political, E for Economic, S for Social, T for Technological, L for Legal and E for Environmental.
7.5.1.2. This concept is used as a tool by companies to track the environment they’re operating in or are planning to launch a new project/product/service etc.
7.5.1.2.1. It gives a bird’s eye view of the whole environment from many different angles that one wants to check and keep a track of while contemplating on a certain idea/plan.
7.5.1.3. There are certain questions that one needs to ask while conducting this analysis, which give them an idea of what things to keep in mind. They are:
7.5.1.3.1. What is the political situation of the country and how can it affect the industry?
7.5.1.3.2. What are the prevalent economic factors?
7.5.1.3.3. How much importance does culture has in the market and what are its determinants?
7.5.1.3.4. What technological innovations are likely to pop up and affect the market structure?
7.5.1.3.5. Are there any current legislations that regulate the industry or can there be any change in the legislations for the industry?
7.5.1.3.6. What are the environmental concerns for the industry?
7.5.2. SWOT Analysis
7.5.2.1. Structured planning method used to evaluate the strengths, weaknesses, opportunities and threats involved in a project or in a business venture.
7.5.2.1.1. Strengths: characteristics of the business or project that give it an advantage over others.
7.5.2.1.2. Weaknesses: characteristics that place the business or project at a disadvantage relative to others.
7.5.2.1.3. Opportunities: elements that the project could exploit to its advantage.
7.5.2.1.4. Threats: elements in the environment that could cause trouble for the business or project.
7.5.2.2. Strengths
7.5.2.2.1. characteristics of the business or project that give it an advantage over others.
7.5.2.3. Weaknesses (or Limitations)
7.5.2.3.1. characteristics that place the business or project at a disadvantage relative to others.
7.5.2.4. Opportunities
7.5.2.4.1. characteristics that place the business or project at a disadvantage relative to others.
7.5.2.5. Threats
7.5.2.5.1. elements in the environment that could cause trouble for the business or project.
7.5.2.6. SWOT analysis groups key pieces of information into two main categories:
7.5.2.6.1. internal factors
7.5.2.6.2. external factors
7.5.2.7. Further reading
7.5.2.7.1. http://www.mindtools.com/pages/videos/SWOT-analysis-transcript.htm
7.5.2.7.2. http://www.mindtools.com/pages/article/newTMC_05.htm
7.5.3. TOWS Analysis
7.5.3.1. TOWS Analysis is a variant of the classic business tool, SWOT Analysis.
7.5.3.1.1. TOWS and SWOT are acronyms for different arrangements of the words Strengths, Weaknesses, Opportunities and Threats.
7.5.3.2. By analyzing the external environment (threats and opportunities), and your internal environment (weaknesses and strengths), you can use these techniques to think about the strategy of your whole organization, a department or a team.
7.5.3.3. For each combination of internal and external environmental factors, consider how you can use them to create good strategic options:
7.5.3.3.1. Strengths and Opportunities (SO) – How can you use your strengths to take advantage of these opportunities?
7.5.3.3.2. Strengths and Threats (ST) – How can you take advantage of your strengths to avoid real and potential threats?
7.5.3.3.3. Weaknesses and Opportunities (WO) – How can you use your opportunities to overcome the weaknesses you are experiencing?
7.5.3.3.4. Weaknesses and Threats (WT) – How can you minimize your weaknesses and avoid threats?
7.5.4. Balanced Scorecard (BSC)
7.5.4.1. What is it?
7.5.4.1.1. Strategic management system that helps organization translates its strategies into objectives that drive both behaviour and performance. Both financial and non-financial.
7.5.4.1.2. Measures are designed to track the progress of objectives against targets.
7.5.4.2. Financial
7.5.4.2.1. Share value, profit, revenue, cost of capital, debt, ROA, cash flow.
7.5.4.3. Customer
7.5.4.3.1. Market share, customer satisfaction, customer service, number of contracts, KYC, customer due diligence, number of claims.
7.5.4.4. Internal
7.5.4.4.1. Regulatory compliance, number of incidents, centralized data, process optimization.
7.5.4.5. Growth
7.5.4.5.1. Competitive advantage, reputation.
7.5.4.6. Further reading
7.5.4.6.1. http://www.mindtools.com/pages/article/newLDR_85.htm
7.5.4.7. variants
7.5.4.7.1. IT Balanced Scorecard (IT BSC)
7.5.5. Boston Box / Boston Consulting Group (BCG) Matrix
7.5.5.1. Further reading
7.5.5.1.1. http://www.mindtools.com/pages/article/newTED_97.htm
7.5.6. Porter’s 5 forces model
7.5.6.1. The Porter's Five Forces tool is a simple but powerful tool for understanding where power lies in a business situation.
7.5.6.2. This is useful, because it helps you understand both the strength of your current competitive position, and the strength of a position you're considering moving into.
7.5.6.3. Five Forces Analysis assumes that there are five important forces that determine competitive power in a business situation. These are:
7.5.6.3.1. Supplier Power:
7.5.6.3.2. Buyer Power:
7.5.6.3.3. Competitive Rivalry:
7.5.6.3.4. Threat of Substitution:
7.5.6.3.5. Threat of New Entry:
7.5.6.4. Further reading
7.5.6.4.1. http://www.mindtools.com/pages/videos/five-forces-transcript.htm
7.5.6.4.2. http://www.mindtools.com/pages/article/newTMC_08.htm
7.5.7. Porter’s value chain model
7.5.7.1. http://www.mindtools.com/pages/article/newSTR_66.htm
7.5.7.2. Further reading
7.5.8. The McKinsey's 7S Framework
7.5.8.1. The basic premise of the model is that there are seven internal aspects of an organization that need to be aligned if it is to be successful.
7.5.8.2. This model proposes that organisations are subject to these seven inter-related aspects
7.5.8.3. The 7-S model can be used in a wide variety of situations where an alignment perspective is useful, for example, to help you:
7.5.8.3.1. Improve the performance of a company.
7.5.8.3.2. Examine the likely effects of future changes within a company.
7.5.8.3.3. Align departments and processes during a merger or acquisition.
7.5.8.3.4. Determine how best to implement a proposed strategy.
7.5.8.4. Explaining each of the elements specifically:
7.5.8.4.1. Strategy
7.5.8.4.2. Structure
7.5.8.4.3. Systems
7.5.8.4.4. Shared Values
7.5.8.4.5. Style
7.5.8.4.6. Staff
7.5.8.4.7. Skills
7.5.8.5. Further reading
7.5.8.5.1. http://www.mindtools.com/pages/videos/7s-transcript.htm
7.5.8.5.2. http://www.mindtools.com/pages/article/newSTR_91.htm
7.5.9. The McFarlan's matrix on the strategic importance of IT
7.5.10. Lean Thinking
7.5.10.1. Lean thinking links closely to the concept of delivering value. It is based on theory and practice developed for manufacturing and emphasises the removal of waste. Waste, often called “Muda” (a Japanese term) refers to everything which is not of value to the customer (internal and external).
7.5.10.2. The Lean approach advocates the following 5 principles:
7.5.10.2.1. Specify what creates value from a customer’s perspective
7.5.10.2.2. Identify all steps across the whole value chain
7.5.10.2.3. Make those actions happen that create the value flow
7.5.10.2.4. Make what is “pulled” (demanded or triggered) by the customer happen just in time
7.5.10.2.5. Strive for perfection by continually removing successive layers of waste
7.6. Enterprise Architecture
7.6.1. What is Enterprise Architecture?
7.6.1.1. An enterprise can be made up of:
7.6.1.1.1. Many divisions.
7.6.1.1.2. Many departments.
7.6.1.1.3. Many regions.
7.6.1.1.4. Many lines of business.
7.6.1.1.5. Many cultures.
7.6.1.1.6. ...
7.6.1.2. Enterprise architecture attempts to align all of these diverse areas to realize economies of scale, consistent risk management, etc.
7.6.1.3. Architecture can be defined as a representation of a conceptual framework of components and their relationships at a point in time EA takes a broader view of the entire enterprise and seeks to align individual architectures into a consistent model
7.6.1.4. Enterprise architecture provides consistency between all the elements of the organization:
7.6.1.4.1. Policy.
7.6.1.4.2. Standards.
7.6.1.4.3. Procurement.
7.6.1.4.4. ...
7.6.1.5. Enterprise architecture provides better top level oversight, monitoring and direction.
7.6.2. Business architecture
7.6.2.1. Enterprise level.
7.6.3. Information architecture
7.6.3.1. Business unit level.
7.6.4. Information systems architecture
7.6.4.1. Systems level.
7.6.5. Data architecture
7.6.5.1. Data element level.
7.6.6. Technology / Delivery systems architecture
7.6.6.1. Hardware, software, networks.
7.6.7. Practical Architectural Layers
7.6.7.1. Applications.
7.6.7.2. Databases.
7.6.7.3. Networks.
7.6.7.4. Operating systems / utilities.
7.6.7.5. Hardware.
7.6.8. Key Success Factors (KSFs) for Enterprise Architecture
7.6.8.1. EA should be approached in a top-down, enterprise-wide fashion.
7.6.8.2. EA is the link between strategy, technology, processes and organization and is one of the key IT contributions to the enterprise effort to implement strategy.
7.6.8.3. For the optimal approach to doing EA in the organization, there are a number of factors to be kept in mind-size, culture, EA skill levels, stakeholder views, resources, financial strength.
7.7. 3 Key things to establishing a Framework
7.7.1. 1. Take a programme approach
7.7.1.1. Instead of approaching the framework as a single project or on a piece by piece basis, take an approach that the establishment of the frameworks is a series of many inter-related projects.
7.7.2. 2. Champion or sponsor and funding
7.7.2.1. Have a clearly identified project champion or and secure sufficient short and sustainable funding.
7.7.3. 3. Communication and buy-in
7.7.3.1. Adoption of an IT best practice, standard or framework must be communicated to stakeholders.
7.8. 4 Types of changes
7.8.1. Evolution
7.8.1.1. Transformational change is implemented gradually.
7.8.2. Revolution
7.8.2.1. Transformational change that occurs simultaneously on many fronts.
7.8.3. Adaptation
7.8.3.1. Realign the way in which the organization operates, using a series of steps.
7.8.4. Reconstruction
7.8.4.1. Rebuilding entire business processes and models simultaneously.
7.9. Standards related to Governance of Enterprise IT (GEIT) (selected)
7.9.1. ISACA®
7.9.1.1. COBIT® 5 A business framework for the governance and management of enterprise IT
7.9.1.1.1. COBIT® 5 is a single and integrated framework for GEIT but also a guidance for management
7.9.1.1.2. Helps enterprises create optimal value from IT by maintaining a balance between benefits and risk levels and resource use.
7.9.2. ISO
7.9.2.1. ISO / IEC 38500 - Standard for corporate governance of IT
7.9.2.2. ISO / IEC 20000-1:2011 Information Technology -- Service management -- Part 1: Service management system requirements
7.9.2.3. ISO 2700X family of standards
7.9.2.3.1. ISO/IEC 27001:2013 Information Technology - Security techniques - Information security management systems (ISMS) - Requirements
7.9.2.3.2. ISO/IEC 27002:2013 Information Technology -- Security techniques - Code of practice for information security controls
7.9.2.3.3. ISO/IEC 27003:2010 Information technology - Security techniques - Information security management system implementation guidance
7.9.2.3.4. ISO/IEC 27005:2013 IT Risk: Turning Business Threats Into Competitive Advantage (ISRM)
7.9.2.3.5. ...
7.10. Standards related to Management of Enterprise IT (a.k.a. "forest of methodologies, standards, frameworks")
7.10.1. Application Management (NOT application lifecycle management)
7.10.1.1. ASL BiSL Foundation
7.10.1.1.1. ASL®2 - Application Services Library 2
7.10.1.1.2. www.aslbislfoundation.org
7.10.2. Bodies of Knowledge (selected)
7.10.2.1. Business Analysis
7.10.2.1.1. IIBA®
7.10.2.1.2. DSDM Consortium
7.10.2.2. Outsourcing Management
7.10.2.2.1. IIOM®
7.10.2.2.2. IAOP®
7.10.2.3. Project Management
7.10.2.3.1. PMI®
7.10.2.4. Security Management
7.10.2.4.1. (ISC)²
7.10.2.4.2. SRMBok
7.10.2.5. see Bodies of Knowledge mind map
7.10.3. COSO
7.10.3.1. Enterprise Risk Management (ERM) Integrated Framework
7.10.3.1.1. see COSO ERM-IF mind map
7.10.3.2. Internal Control (IC) Integrated Framework
7.10.3.2.1. see COSO III IC-IF mind map
7.10.4. Data Management
7.10.4.1. DMBoK
7.10.4.1.1. Data Management Body of Knowledge
7.10.5. Enterprise Architecture
7.10.5.1. Department of Defense Architecture Framework (DoDAF)
7.10.5.2. EABOK
7.10.5.2.1. Enterprise Architecture Body of Knowledge
7.10.5.3. Federal Government's Coordination and Advisory Board for IT in the Administration (KBSt)
7.10.5.3.1. Standards and Architectures for e-Government Applications (SAGA)
7.10.5.4. Governance Enterprise Architecture (GEA)
7.10.5.5. NIST
7.10.5.5.1. NIST Enterprise Architecture Model
7.10.5.6. The Open Group
7.10.5.6.1. TOGAF® - The Open Group Architecture Framework
7.10.5.7. US Office of Management and Budget (OMB)
7.10.5.7.1. Federal Enterprise Architecture (FEA)
7.10.5.8. Zachman International®
7.10.5.8.1. Zachman’s framework
7.10.6. IT Governance
7.10.6.1. ISACA®
7.10.6.1.1. COBIT® 5 A business framework for the governance and management of enterprise IT
7.10.7. Information Provision / Demand Management (client side NOT IT side)
7.10.7.1. ASL BiSL Foundation
7.10.7.1.1. BiSL® - Business Information Services Library
7.10.7.1.2. www.aslbislfoundation.org
7.10.8. Maturity Models (selected)
7.10.8.1. SEI
7.10.8.1.1. CMM
7.10.8.1.2. CMMI
7.10.8.1.3. eSCM
7.10.8.2. see Maturity Models mind map
7.10.9. Outsourcing Management
7.10.9.1. IIOM®
7.10.9.1.1. Outsourcing Management Body of Knowledge (OMBOK™)
7.10.9.2. IAOP®
7.10.9.2.1. Outsourcing Professional Body of Knowledge™ (OPBOK®)
7.10.10. Process Frameworks
7.10.10.1. TM Forum
7.10.10.1.1. eTOM - Enhanced Telecom Operations Map
7.10.11. Procurement Management
7.10.11.1. ISPL Consortium
7.10.11.1.1. ISPL® - Information Services Procurement Library
7.10.12. Project Management
7.10.12.1. APM
7.10.12.1.1. APM Body of Knowledge
7.10.12.1.2. www.apm.org.uk
7.10.12.2. DSDM Consortium
7.10.12.2.1. The DSDM® AgilePF® - Agile Project Framework
7.10.12.2.2. AgilePM® V2
7.10.12.2.3. www.dsdm.org
7.10.12.3. AXELOS
7.10.12.3.1. PRINCE2® - PRojects IN Changing Environments
7.10.12.3.2. PRINCE2® - Agile
7.10.12.3.3. www.axelos.com
7.10.12.4. PMI
7.10.12.4.1. Project Management Body of Knowledge (PMBOK®)
7.10.12.4.2. www.pmi.org
7.10.13. Programme Management
7.10.13.1. DSDM Consortium
7.10.13.1.1. AgilePgM®
7.10.13.1.2. www.dsdm.org
7.10.13.2. AXELOS
7.10.13.2.1. MSP® - Managing Successful Programmes
7.10.13.2.2. www.axelos.com
7.10.14. Quality Management
7.10.14.1. EFQM
7.10.14.2. ISO
7.10.14.2.1. ISO 9001
7.10.14.3. Six Sigma - Six Sigma model for quality management
7.10.14.4. TickIT Quality management for IT
7.10.14.5. TickIT+ Quality management for IT
7.10.14.6. TQM - Total quality management
7.10.14.7. QBoK
7.10.14.7.1. Quality Body of Knowledge
7.10.15. Risk Managment
7.10.15.1. ISO
7.10.15.1.1. ISO 31000:2009
7.10.15.1.2. ISO 27005:2013
7.10.15.2. OCTAVE
7.10.15.3. CRAMM
7.10.15.4. TRA
7.10.15.5. NIST-800-30
7.10.15.6. EBIOS
7.10.15.7. MEHARI
7.10.15.8. ...
7.10.15.9. M_o_R® - Management of Risk
7.10.15.9.1. see M_o_R® mind map
7.10.16. Value Management / Engineering
7.10.16.1. AXELOS®
7.10.16.1.1. MoV® - Management of Value
7.10.16.1.2. www.axelos.com
7.10.16.2. SAVE International®
7.10.16.2.1. Value Methodology Standard
7.10.17. AXELOS®
7.10.17.1. AXELOS® Global Best Practices family of standards from UK.
7.10.17.1.1. ITIL® - IT Infrastructure Library
7.10.17.1.2. M_o_R® - Management of Risk
7.10.17.1.3. MoV® - Management of Value
7.10.17.1.4. MoP® - Management of Portfolios
7.10.17.1.5. MSP® - Managing Successful Programmes
7.10.17.1.6. PRINCE2® - PRojects IN Changing Environments
7.10.17.1.7. PRINCE2® Agile
7.10.17.1.8. P3O® - Portfolio, Programme and Project Office
8. Basic IT Governance (ITG) related definitions (from ISACA® CGEIT® perspective)
8.1. Accountability
8.1.1. Applies to those who either own the required resources or those who have the authority to approve the execution and / or accept the outcome of an activity within specific risk management processes.
8.1.2. Ideally only one person should be accountable - from accountability reasons.
8.1.2.1. e.g.
8.1.2.1.1. Project Management is accountable for risk affecting his project.
8.1.2.1.2. Team Leader is accountable for risks affecting his team and work.
8.2. Asset (ISACA®)
8.2.1. Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation.
8.3. Benefits Realization (COBIT® 5)
8.3.1. “One of the objectives of governance. The bringing about of new benefits for the enterprise, the maintenance and extension of existing forms of benefits, and the elimination of those initiatives and assets that are not creating sufficient value.”
8.4. Business case (ISACA®)
8.4.1. Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle.
8.5. Framework
8.5.1. Generally accepted, business process-oriented structures that establish a common language and enable repeatable business processes.
8.6. Goal (Mission)
8.6.1. Qualitative statements that describe a state of affairs or an accomplishment necessary for the business to become what it wants to become (the business vision).
8.7. IT Governance (ITG)
8.7.1. A governance view that ensures that information and related technology support and enable the enterprise strategy and the achievement of enterprise objectives; this also includes the functional governance of IT, i.e., ensuring that IT capabilities are provided efficiently and effectively. (ISACA®, COBIT5®)
8.7.2. goal
8.7.2.1. To understand the issues and the strategic importance of IT so that the enterprise can sustain its operations and implement the strategies required to extend its activities into the future.
8.7.2.2. Aims at ensuring that expectations for IT are met and IT risks are mitigated.
8.8. Objectives (milestones)
8.8.1. An objective must be quantitative - a specific, measurable achievement or milestone that must be reached to accomplish a goal or mission determined by appropriate metrics.
8.9. Portfolio (ISACA®)
8.9.1. Groupings of ‘objects of interest’ (investment programmes, IT services, IT projects, other IT assets or resources) managed and monitored to optimise business value.
8.10. Portfolio Management (ISACA®)
8.10.1. The goal of portfolio management (in relations to VAL IT) is to ensure that an enterprise secures optimal value across its portfolio of IT-enabled investments.
8.11. Practice
8.11.1. Frequent or unusual actions performed as an application of knowledge.
8.12. Project (ISACA®)
8.12.1. A structured set of activities concerned with delivering a defined capability (that is necessary but not sufficient, to achieve a required business outcome) to the enterprise based on an agreed on schedule and budget.
8.13. Risk
8.13.1. The potential for events and their consequences, contains both (aka. two sides of the risk coin):
8.13.1.1. Opportunities
8.13.1.1.1. for benefit (upside / benefits)
8.13.1.2. Threats
8.13.1.2.1. to success (downside / disbenefits)
8.13.2. Risk is defined as the possibility of an event occurring that will have an impact on the achievement of objectives, and it is typically measured in terms of likelihood and impact.
8.13.2.1. Risk = likelihood * impact
8.14. Standard
8.14.1. Established mandatory rules, specifications and metrics used to measure compliance against quality, value, etc.
8.15. Strategy
8.15.1. The deliberate application of means to achieve business vision and goal-related ends. The purpose of strategy is to maximize possibilities for success by effective use of the means available to an enterprise.
8.16. Value (ISACA®)
8.16.1. The relative worth or importance of an investment for an enterprise, as perceived by its key stakeholders, expressed as total lifecycle benefits net of related costs, adjusted for risk and (in the case of financial value) the time value of money.
8.17. Value creation (COBIT® 5)
8.17.1. “The main governance objective of an enterprise, achieved when the three underlying objectives (benefits realization, risk optimization and resource optimization) are all balanced.”
8.18. Value delivery
8.18.1. “Value delivery in the context of governance of IT concentrates on optimizing expenses and proving the value of IT.”
8.19. Vision
8.19.1. A statement of the enterprise’s purpose, why it exists and what it aspires to. The business vision of an enterprise is articulated by a set of goals that define what the business will strive for and where the business will invest its resources.
9. Domain 2: Strategic Management
9.1. Domain 2 - CGEIT® Exam Relevance
9.1.1. The content area for Domain 2 will represent ...
9.1.1.1. 20% of the CGEIT® examination
9.1.1.2. approximately 30 questions
9.2. Alignment between business and IT
9.2.1. Strategic Alignment Model (SAM)
9.2.1.1. Henderson and Venkatraman2
9.2.2. Extended Strategic Alignment Model (ESAM)
9.2.2.1. Maes
9.3. Strategic planning processes and techniques
9.3.1. The COBIT® 5 Goals Cascade
9.3.1.1. Stakeholder needs
9.3.1.1.1. Stakeholder Drivers Influence Stakeholder Needs
9.3.1.2. Enterprise goals
9.3.1.2.1. Stakeholder Needs Cascade to Enterprise Goals
9.3.1.3. IT-related goals
9.3.1.3.1. Enterprise Goals Cascade to IT-related Goals
9.3.1.4. Enabler goals
9.3.1.4.1. IT-related Goals Cascade to Enabler Goals
9.3.2. Value of the COBIT® 5 Cascade for Strategic Planning
9.3.2.1. Defines relevant and tangible goals and objectives.
9.3.2.2. Filters the knowledge base of COBIT®.
9.3.2.3. Clearly identifies and communicates how enablers are important to achieve enterprise goals.
9.4. Impact of changes in business strategy on IT Strategy
9.4.1. Agility
9.4.1.1. Enterprises need to be agile to keep up with their markets, and IT organizations must be agile to stay aligned with their enterprises.
9.4.2. Agility Loops
9.4.2.1. Loop 1: Monitoring and deciding
9.4.2.1.1. responsive decision making
9.4.2.2. Loop 2: Improving existing processes
9.4.2.2.1. improving existing operations
9.4.2.3. Loop 3: Creating new processes
9.4.2.3.1. creating new operations
9.4.2.4. Techniques for Conducting Agility Loops
9.4.2.4.1. Loop 1 (monitoring and deciding)
9.4.2.4.2. Loop 2 (improving existing processes)
9.4.2.4.3. Loop 3 (creating new processes)
9.5. Barriers to the achievement of strategic alignment
9.5.1. Expression barriers
9.5.2. Specification barriers
9.5.3. Implementation barriers
9.6. Policies and procedures necessary to support IT and business strategic alignment
9.6.1. Policies
9.6.2. Procedures
9.7. Methods to document and communicate IT strategic planning processes
9.7.1. Business Strategy
9.7.2. Balanced Scorecard (BSC)
9.7.2.1. What is it?
9.7.2.1.1. Strategic management system that helps organization translates its strategies into objectives that drive both behaviour and performance. Both financial and non-financial.
9.7.2.1.2. Measures are designed to track the progress of objectives against targets.
9.7.2.2. Financial
9.7.2.2.1. Share value, profit, revenue, cost of capital, debt, ROA, cash flow.
9.7.2.3. Customer
9.7.2.3.1. Market share, customer satisfaction, customer service, number of contracts, KYC, customer due diligence, number of claims.
9.7.2.4. Internal
9.7.2.4.1. Regulatory compliance, number of incidents, centralized data, process optimization.
9.7.2.5. Growth
9.7.2.5.1. Competitive advantage, reputation.
9.7.2.6. Further reading
9.7.2.6.1. http://www.mindtools.com/pages/article/newLDR_85.htm
9.7.3. IT Strategy
9.7.4. IT Balanced Scorecard (IT BSC)
9.8. Current and future technologies
9.9. Prioritization processes related to IT initiatives
9.9.1. Investment Portfolio Categorizations
9.9.2. IT-enabled Investment Programs
9.9.2.1. Benefits of IT Investment Programs
9.9.2.1.1. 4 types of benefits of new IT initiative
9.9.3. Return on Investment (ROI)
9.9.3.1. The ROI of an IT-driven initiative answers the question, Is this project worth doing? Is this process worth continuing?
9.9.3.2. The process of calculating ROI requires the input from both business and technical people.
9.9.3.3. To be complete, ROI analysis should be performed twice.
9.9.3.3.1. The first analysis should show the net present value (NPV) of the initiative using the low end of the range of benefits estimated and the second should use the high end of the estimated benefits.
9.9.3.4. Calculating Return on IT Investment
9.9.3.4.1. Various techniques can be helpful (selected)
9.9.3.5. If there is consensus and the ROI shows that the initiative produces a low NPV, then there is no point in continuing with the initiative.
9.9.3.6. Only initiatives that have a consensus on costs and benefits and show a high NPV get to continue on into the “design” phase.
9.9.3.7. Net Present Value (NPV) - the impact on revenue compared to the produced benefits.
9.10. Scope, objectives and benefits of IT investment programs & projects
9.10.1. Current Practice in Business Case Development
9.10.2. Business Case Components
9.10.3. Business Cases as Operational Tools
9.11. Benchmarking
9.11.1. Benchmarking is a performance measurement tool
9.11.1.1. It measures performance of comparable enterprises and identifies the best practices.
9.11.1.2. Allows management to measure their operations against other similar organizations
9.11.1.3. Base decisions on objective, quantifiable measures.
9.11.1.4. Keep in line with competitors.
9.11.2. General 12 step approach to Benchmarking
9.11.2.1. 1. Develop senior management commitment.
9.11.2.2. 2. Develop a mission statement.
9.11.2.3. 3. Plan.
9.11.2.4. 4. Identify customers.
9.11.2.5. 5. Perform research.
9.11.2.6. 6. Identify partners.
9.11.2.7. 7. Develop measures.
9.11.2.8. 8. Develop and administer questionnaires.
9.11.2.9. 9. Scrub and analyze data.
9.11.2.10. 10. Isolate best practices.
9.11.2.11. 11. Conduct site visits and interviews.
9.11.2.12. 12. Present findings and monitor results.
9.12. Project Management tools and techniques (non-exhaustive list)
9.12.1. Critical Path Method (CPM)
9.12.1.1. example #1
9.12.2. Gantt chart
9.12.2.1. example #1
9.12.3. PERT chart and CPM
9.12.3.1. example #1
9.12.4. Product Breakdown Structure (PBS).
9.12.5. Resourse Breakdown Structure (RBS).
9.12.6. Work Breakdown Structure (WBS).
9.13. 6 methods to cascade business and IT objectives to key personnel
9.13.1. 1. Illustrating and Quantifying the IT Strategy
9.13.2. 2. Communicating constantly
9.13.3. 3. Focus on explaining and training
9.13.4. 4. Using a participatory style of decision-making process
9.13.5. 5. Documenting operational procedures
9.13.6. 6. Benchmarking other organizations
9.14. Strategic Alignment and Roles
9.14.1. Creating and sustaining awareness of the strategic role of IT at a top management level.
9.14.2. Clarifying the role that IT should play - utility vs. enabler.
9.14.3. Creating IT guiding principles based on business culture.
9.14.4. The culture of IT should reflect the same culture as the business IT supports.
10. Domain 3: Benefits Realization
10.1. Domain 3 - CGEIT® Exam Relevance
10.1.1. The content area for Domain 3 will represent ...
10.1.1.1. 16% of the CGEIT® examination
10.1.1.2. approximately 24 questions
10.2. Lack of Benefits Realization
10.2.1. A 2002 Gartner survey found that 20 percent of all expenditures on IT is wasted - a finding that represents, on a global basis, an annual destruction of value totalling about US $600 billion.
10.2.2. A 2004 IBM survey of Fortune 1000 CIOs found that, on average, CIOs believe that 40 percent of all IT spending brought no return to their organisations.
10.2.3. A 2006 study conducted by The Standish Group found that only 35 percent of all IT projects succeeded while the remainder (65 percent ) were either challenged or failed.
10.2.3.1. see The Standish Group Report - chaos-report
10.2.4. Cook, R.; ‘How to Spot a Failing IT Project’, CIO Magazine, 17 July 2007
10.2.4.1. http://www.cio.com/article/124309/How_to_Spot_a_Failing_Project
10.3. Enterprise Governance of IT Focus Areas
10.3.1. Strategic alignment
10.3.2. Value delivery
10.3.3. Resource management
10.3.4. Risk management
10.3.5. Performance measurement
10.4. Val IT Framework
10.4.1. VAL IT sets out good practices for the goals and objectives of IT investment, by providing enterprises with the structure they require to measure, monitor and optimise the realisation of business value from investment in IT.
10.4.2. Are applied through 3 domains
10.4.2.1. Value governance.
10.4.2.2. Portfolio Management.
10.4.2.3. Investment Management.
10.4.3. 6 Key Value Governance Practices
10.4.3.1. VG1 Establish informed and committed leadership
10.4.3.2. VG2 Define and implement processes
10.4.3.3. VG3 Define portfolio characteristics
10.4.3.4. VG4 Align and integrate value management with enterprise financial planning
10.4.3.5. VG5 Establish effective governance monitoring
10.4.3.6. VG6 Continuously improve value management practices
10.5. Value Governance Practices
10.5.1. Programs are selected based not just on their desirability, but also on the enterprise’s ability to deliver them.
10.5.2. Having methodologies in place is less important than whether business managers and specialists use them.
10.5.3. Robust and realistic business cases are used and, if possible, include benefits for all stakeholders.
10.5.4. Benefits are managed over the entire investment life cycle through consistently applied practices and processes.
10.5.5. Integrated planning addresses benefit delivery as well as organizational, process and technology changes.
10.5.6. Business ownership and accountability are assigned for all benefits and changes targeted.
10.5.7. Investments and their results in terms of whether benefits are realized are systematically monitored and reviewed.
10.5.8. Lessons learned are consistently gleaned from both successful and unsuccessful programs, and used to improve the planning and management of new ones.
10.6. Investment Management
10.6.1. There are different categories of investment with differing levels of complexity and degrees of freedom in allocating funds.
10.6.1.1. e.g.
10.6.1.1.1. Innovation.
10.6.1.1.2. Venture.
10.6.1.1.3. Growth.
10.6.1.1.4. Operational improvement.
10.6.1.1.5. Operational maintenance.
10.6.1.1.6. Mandatory investments.
10.6.2. IT Investment Objectives
10.6.2.1. Transactional
10.6.2.1.1. To cut costs or increase throughput for the same cost - faster transaction processing.
10.6.2.2. Informational
10.6.2.2.1. To provide better information support for business purposes - including to manage, control, report compliance, communicate, collaborate or analyze (e.g., a sales analysis or reporting system).
10.6.2.3. Strategic
10.6.2.3.1. To gain competitive advantage or position in the marketplace (e.g. offering a service not offered by competitors).
10.6.2.4. Infrastructure
10.6.2.4.1. The base foundation of shared IT services used by multiple applications (e.g. servers, networks, laptops, customer databases).
10.6.3. Managing IT Investments
10.6.3.1. Choose
10.6.3.1.1. Determine priorities. Cost, benefits etc.
10.6.3.2. Control
10.6.3.2.1. Continue to meet milestones. Cancel or continue.
10.6.3.3. Evaluate
10.6.3.3.1. Post implementation reviews.
10.6.4. 3 Key Components of Investment Management
10.6.4.1. Business Case
10.6.4.1.1. Essential to selecting the right investment programs and to manage them during their execution
10.6.4.2. Program Management
10.6.4.2.1. Governs all processes that support execution of the programs.
10.6.4.3. Benefits Realization
10.6.4.3.1. The set of tasks required to actively manage the realization of program benefits.
10.6.5. IT Investment Management Practices and Processes from Val IT Framework perspective
10.6.5.1. Val IT process dedicated to Investment Management
10.6.5.1.1. Develop and evaluate the initial program concept business case.
10.6.5.1.2. Understand the candidate program and implementation options.
10.6.5.1.3. Develop the program plan.
10.6.5.1.4. Develop full life-cycle costs and benefits.
10.6.5.1.5. Develop the detailed candidate program business case.
10.6.5.1.6. Launch and manage the program.
10.6.5.1.7. Update operational IT portfolios.
10.6.5.1.8. Update the business case.
10.6.5.1.9. Monitor and report on the program.
10.6.5.1.10. Retire the program.
10.6.6. 2 Types of Benefits Realization
10.6.6.1. Business benefits
10.6.6.1.1. Contribute directly to value (an outcome that is expected to, or does directly increase value.
10.6.6.2. Intermediate benefits
10.6.6.2.1. Benefits that are not business benefits but might lead to business benefits including leveraging assets, improving customer service, improving morale, or better management of information.
10.7. Portfolio Management
10.7.1. The goal of portfolio management (in relations to VAL IT) is to ensure that an enterprise secures optimal value across its portfolio of IT-enabled investments.
10.8. The Business Case
10.8.1. At a minimum, the business case should include the following
10.8.1.1. The business benefits targeted, their alignment with business strategy and who in the business functions will be responsible for securing them.
10.8.1.2. Business changes needed to create additional value.
10.8.1.3. The investments needed to make the business changes.
10.8.1.4. The investments required to change or add new.
10.8.1.5. IT services and infrastructure.
10.8.1.6. The ongoing IT and business costs of operating in the changed way.
10.8.1.7. The risks inherent in the above, including any constraints or dependencies.
10.8.1.8. Who will be accountable for the successful creation of optimal value.
10.8.1.9. How the investment and value creation will be monitored throughout the economic life cycle, and the metrics to be used.
10.8.2. Development of a Business Case
10.8.2.1. Building a fact sheet with all the relevant data, followed by analysis of the data in steps 2-5.
10.8.2.2. Alignment analysis.
10.8.2.3. Financial benefits analysis.
10.8.2.4. Nonfinancial benefits analysis.
10.8.2.5. Risk analysis resulting in step 6.
10.8.2.6. Appraisal and optimization of the risk / return of the IT-enabled investment represented by step 7.
10.8.2.7. Structured recording of the results of the previous steps and documentation of the business case and, maintained by step 8.
10.8.2.8. Review of the business case during the program execution, including the entire life cycle of the program results.
10.9. 7 Best Practices for Systems Development
10.9.1. Closely align systems projects with business goals.
10.9.2. Use systems to change the competitive landscape.
10.9.3. Leverage the strengths of existing systems.
10.9.4. Use the simplest combination of technology and business procedures to achieve as many different objectives as possible.
10.9.5. Structure the design so as to provide flexibility in the development sequence used to create the system.
10.9.6. Ensure that systems are not built with levels of complexities which exceed the organization’s capabilities.
10.9.7. Ensure that projects are not renewed using the same organizational approach or using the same systems design after it has once failed.
11. Domain 4: Risk Optimization
11.1. Domain 4 - CGEIT® Exam Relevance
11.1.1. The content area for Domain 4 will represent ...
11.1.1.1. 24% of the CGEIT® examination
11.1.1.2. approximately 36 questions
11.2. Risk Management
11.2.1. What is it?
11.2.1.1. The (constant) process of balancing the risk associated with business activities with an adequate level of control that will enable the business to meet its objectives.
11.2.1.2. Holistically covers all concepts and processes affiliated with managing risk, including:
11.2.1.2.1. Systematic application of management policies, procedures and practices
11.2.1.2.2. Establishing the context
11.2.1.2.3. Communicating, consulting
11.2.1.2.4. Identifying
11.2.1.2.5. Analysing
11.2.1.2.6. Evaluating
11.2.1.2.7. Treating
11.2.1.2.8. Controlling
11.2.1.2.9. Monitoring
11.2.1.2.10. Reviewing
11.2.2. Goal
11.2.2.1. Major goal of risk management in the decision-making process is to manage the uncertainty.
11.2.3. High Level Process Phases (Risk IT)
11.2.3.1. 1. Collect Data
11.2.3.2. 2. Analyze Risk
11.2.3.3. 3. Maintain Risk Profile
11.3. Asset risk
11.4. Hazard risk
11.5. Strategic risk
11.6. Risk Hierarchy - 4 Levels of Risk
11.6.1. Portfolio risk
11.6.1.1. goal
11.6.1.1.1. Management of stakeholder perceptions that would affect the reputation of an organization.
11.6.1.1.2. Ensuring business success of the organization.
11.6.1.2. context
11.6.1.2.1. business success
11.6.1.2.2. business vitality
11.6.1.2.3. finance
11.6.1.2.4. core services
11.6.1.2.5. organization / enterprise capabilities
11.6.1.2.6. resources
11.6.1.2.7. portfolio management
11.6.2. Program risk
11.6.2.1. goal
11.6.2.1.1. Delivering business change with measurable benefits.
11.6.2.1.2. Delivering business transformation.
11.6.2.1.3. Delivering outcomes.
11.6.2.2. context
11.6.2.2.1. benefits
11.6.2.2.2. capabilities
11.6.2.2.3. programme management
11.6.3. Project risk
11.6.3.1. goal
11.6.3.1.1. Producing defined business change products within time, cost and scope constraints.
11.6.3.1.2. Delivering outputs.
11.6.3.2. context (6 project parameters)
11.6.3.2.1. time
11.6.3.2.2. budget
11.6.3.2.3. benefits
11.6.3.2.4. quality
11.6.3.2.5. scope
11.6.3.2.6. risk
11.6.3.3. context
11.6.3.3.1. project management
11.6.4. Operational risk
11.6.4.1. goal
11.6.4.1.1. Maintaining business services to appropriate levels.
11.6.4.1.2. Day-to-day management.
11.6.4.1.3. Business as Usual (BaU).
11.6.4.2. context
11.6.4.2.1. reputation
11.6.4.2.2. volume
11.6.4.2.3. quality
11.6.4.2.4. internal control
11.6.4.2.5. revenue
11.6.4.2.6. staff
11.6.4.2.7. customer
11.7. 3 domains in the Risk IT framework
11.7.1. Risk Governance
11.7.2. Risk Evaluation
11.7.3. Risk Response
11.8. IT Risk in the Risk Hierarchy (from ISACA® Risk IT™ perspective)
11.8.1. Strategic Risk
11.8.2. Environment Risk
11.8.3. Market Risk
11.8.4. Credit Risk
11.8.5. Operational Risk
11.8.6. Compliance Risk
11.8.7. IT-related Risk
11.9. Three IT Risk Categories (from ISACA® Risk IT™ perspective)
11.9.1. IT Benefit / Value Enablement
11.9.1.1. e.g.
11.9.1.1.1. Technology enabler for new business initiatives.
11.9.1.1.2. Technology enabler for efficient operations.
11.9.1.1.3. Technology enabler for higher SLAs / OLAs levels.
11.9.2. IT Programme and Project Delivery
11.9.2.1. e.g.
11.9.2.1.1. Project relevance / priority.
11.9.2.1.2. Project time / budget overrun.
11.9.2.1.3. Project quality.
11.9.3. IT Operations and Service Delivery
11.9.3.1. e.g.
11.9.3.1.1. IT service interruptions (SLAs / OLAs crisis).
11.9.3.1.2. Security issues.
11.9.3.1.3. Compliance / regulatory issues.
11.10. 3 basic types of SLAs (based on ITIL®)
11.10.1. Service based SLA
11.10.1.1. Agreement that covers one service for all the customers of that service.
11.10.2. Customer based SLA
11.10.2.1. Agreement with the individual Customer group, covering all the services they use. More flexible, better adjusted to customer’s needs but more complicated.
11.10.3. Multi-level SLA
11.10.3.1. Good for the largest organisations. The most complex, divided on levels:
11.10.3.1.1. Corporate level
11.10.3.1.2. Customer level
11.10.3.1.3. Service level
11.11. IT services sourcing models
11.11.1. Insourcing (Internal)
11.11.1.1. Using an internal service provider to manage IT services.
11.11.2. Outsourcing (External)
11.11.2.1. Using an external service provider to manage IT services.
11.11.3. Co-sourcing
11.11.3.1. Combination of insourcing and outsourcing. Other models.
11.11.4. Multi-sourcing
11.11.4.1. Formal arrangement between to or more provider organisations to work together and support one large customer (consortium)
11.11.5. Other models (selected)
11.11.5.1. Business Process Outsourcing.
11.11.5.1.1. entire business process outsourcing
11.11.5.2. Application Service Provision.
11.11.5.2.1. providing computer based-services over a network
11.11.5.3. Knowledge Process Outsourcing.
11.11.5.3.1. providing business and domain-based expertise
11.11.5.4. ...
11.12. Availability Management
11.12.1. Mean Time Between Service Incidents (MTBSI).
11.12.2. Mean Time Between Failures (MTBF).
11.12.2.1. aka. uptime.
11.12.3. Mean Time to Restore Service (MTRS).
11.12.3.1. aka. downtime.
11.12.4. Mean Time To Repair (MTTR).
11.12.5. Single Poinf Of Failure (SPOF).
12. Domain 5: Resource Optimization
12.1. Domain 5 - CGEIT® Exam Relevance
12.1.1. The content area for Domain 5 will represent ...
12.1.1.1. 15% of the CGEIT® examination
12.1.1.2. approximately 22 questions
12.2. Resource Management
12.3. 4 Critical IT Resources
12.3.1. Applications
12.3.1.1. An application system adds value through its support for business processes and interaction with people and other systems.
12.3.2. Infrastructure
12.3.2.1. IT infrastructure includes hardware (memory, CPU, storage), software, networks and controls that facilitate business activities.
12.3.3. Information
12.3.3.1. Information resources (more commonly referred to as assets) are often among the most valuable assets owned by the organization. Their confidentiality, integrity.
12.3.4. People
12.3.4.1. People make up the most critical and aspect of business operations. The enterprise requires personnel with the right skills to operate systems and support business.
12.4. IT Provisioning
12.4.1. Organizations must determine the best way to provision IT services
12.4.1.1. Internal (aka. Insourcing)
12.4.1.1.1. Advantages
12.4.1.1.2. Disadvantage
12.4.1.2. External (aka. Outsourcing)
12.4.1.2.1. Advantages
12.4.1.2.2. Disadvantage
12.4.1.3. Multiple Outsourcing Suppliers (aka. Multisourcing)
12.4.1.3.1. Advantages
12.4.1.3.2. Disadvantage
12.4.2. Services that are Eligible for Outsourcing (selected)
12.4.2.1. Enterprise Resource Planning (ERP).
12.4.2.2. Customer Relationship Management (CRM).
12.4.2.3. Knowledge management and collaboration.
12.4.2.4. End-user and distributed computing.
12.4.2.5. Corporate platforms and data.
12.4.2.6. Data networks and service.
12.4.2.7. Voice networks and services.
12.4.2.8. Storage.
12.4.2.9. ...
12.5. Human Resource Management (HRM)
12.5.1. HR philosophies.
12.5.2. HR strategies.
12.5.3. HR policies.
12.5.4. HR processes
12.5.5. HR practices.
12.5.6. HR programs.
12.6. Value of Human Resources
12.6.1. Human capital can be regarded as the prime asset of an organization, and businesses need to invest in people to ensure business survival and growth.
12.6.2. Aims to ensure that the enterprise obtains and retains the skilled, committed and well motivated workforce it needs.
12.6.2.1. Motivating IT professionals to increase productivity and reduce turnover involves a number of factors that IT managers need to manage.
12.6.3. It means engaging in talent management - the process of acquiring and nurturing talent.
12.7. 7 key factors to increase productivity and help reduce IT staff turnover
12.7.1. Provide strong leadership especially during times of change.
12.7.2. Provide staff with development plans & a clearly defined career path.
12.7.3. Allow people to learn new technologies.
12.7.4. Ask staff what they want.
12.7.5. Give staff resources / support to do their job.
12.7.6. Be competitive in salary / benefits.
12.7.7. Ensure staff perceive job as meaningful.
12.8. Cost-benefit Analysis (CBA)
12.8.1. Compares the costs with the benefits of the IT enabled investment that can be directly and indirectly attributed to the investment.
12.8.2. Techniques (selected)
12.8.2.1. Payback period.
12.8.2.2. Net present value analysis (NPV) / Internal rate of return (IRR).
12.8.2.3. Return on investment (ROI).
12.8.2.4. Return on security investment (ROSI).
12.8.2.5. Breakeven analysis.
12.9. Nonfinancial Cost Benefit Analysis (nCBA)
12.9.1. Involves a comparative examination of the costs and benefits of a project by using some surrogate measure for intangible costs or benefits, that can be expressed in monetary terms.
12.9.2. As an example increase customer satisfaction, the benefit may be expressed in terms of reducing the cost of returned products and reducing the number of customer complaints.
13. Roles and Responsibilities
13.1. Board
13.2. Chief Executive Officer (CEO)
13.2.1. important on exam!
13.3. Chief Financial Officer (CFO)
13.3.1. important on exam!
13.4. Chief Risk Officer (CRO)
13.4.1. important on exam!
13.5. Chief Security Officer (CSO)
13.6. Chief Operating Officer (COO)
13.6.1. important on exam!
13.7. Chief Information Officer (CIO)
13.7.1. important on exam!
13.8. Chief Information Risk Officer (CIRO)
13.9. Chief Information Security Officer (CISO)
13.10. Business Executive
13.11. Business Process Owner
13.12. Strategy Committee (IT Executive)
13.13. IT Sterring Commitee
13.13.1. important on exam!
13.14. Project and Programme Steering Committees
13.15. Architecture Board
13.16. Enterprise Risk Committee
13.17. Head of HR
13.18. Compliance
13.19. Audit
13.20. Head of Architecture
13.21. Head of Development
13.22. Head of IT Operations
13.23. Head of IT Administration
13.24. Programme and Project Management Office (PMO)
13.24.1. important on exam!