You are on page 1of 55

Mapping CGEIT and CobiT Controls

Applicable Cobit Control Objectives for CGEIT: 66


Sr.
No.

Job Practice
Domains
No.
Domain

CGEIT
Task Statement
No.

5
1

IT Governance
Framework

10

10

11

11

11

11

12

13

14

15

16

17

Strategic
Alignment

18

19

20
21

9
10

22

11

23

12

24

25

26

27

Value Delivery

28
29

Value Delivery

30

31

32

33

10

34

11

35

36

37

38

4
4

Risk
Management

39

40

41

41

42

43

44

45

46

47

48

49

Resource
Management

50

51

52

10

53

11

54

Performance

55

56

Performance
Measurement

57

58

59

and CobiT Controls

ntrol Objectives for CGEIT: 66


CGEIT
Task Statement
Statement
Define the requirements and objectives for, and drive the establishment of, IT
governance in an enterprise, considering values, philosophy, management
style, IT awareness, organization, standards and policies.

Ensure that an IT governance framework exists and is based on a


comprehensive and repeatable IT process and control model that is aligned
with the enterprise governance framework.
Establish appropriate management governance structures, such as an
enterprise investment committee, IT strategy committee, IT steering
committee, technology council, IT architecture review board, business needs
committee and IT audit committee.
Ensure that the enterprise and IT governance frameworks enable the
enterprise to achieve optimal value for the enterprise.

Confirm that the IT governance framework ensures compliance with applicable


external requirements and ethical statements that are aligned with, and
confirm delivery of, the enterprises goals, strategies and objectives.

Obtain independent assurance that IT conforms with relevant external


requirements; contractual terms; organizational policies, plans and procedures;
generally accepted practices; and the effective and efficient practice of IT.
Apply IT best practices to enable the business to achieve optimal value from
implementation of IT services and IT-enabled business solutions.
Ensure the establishment of a framework for IT governance monitoring
(considering cost/benefits analyses of controls, return on investment for
continuous monitoring, etc.), an approach to track all IT governance issues and
remedial actions to closure, and a lessons-learned process.
Ensure that appropriate roles, responsibilities and accountabilities are
established and enforced for information requirements, data and system
ownership, IT processes, and benefits and value realization.
Report IT governance status and issues, and effect transparency in reporting.
Establish a communications plan to continuously market, communicate and
reinforce the need and value of IT governance across the enterprise.

Establish a communications plan to continuously market, communicate and


reinforce the need and value of IT governance across the enterprise.
Define and implement a strategic planning framework, requiring and
facilitating collaborative and integrated business and IT management
planning.
Actively support/promote and participate in IT management planning by
employing best practice enterprise architecture (EA) frameworks.

Ensure that appropriate policies and procedures are in place, understood and
followed to support IT and business strategic alignment.
Identify and take action on barriers to strategic alignment.
Ensure that effective communication and engagement exists between
business and IT management regarding shared strategic initiatives and
performance.
Ensure business and IT goals cascade down through the enterprise into clear
roles, responsibilities and actions.
Assist senior management by aligning IT initiatives with business objectives
and facilitating prioritization of business strategies that optimally achieve
business objectives.
Identify and monitor the interdependencies of strategic initiatives and their
impact on value delivery and risk.
Ensure that the strategic planning process is adequately documented,
transparent and meets stakeholder needs.
Maintain and update the IT management plans, artifacts and standards for the
enterprise.
Monitor, evaluate and report on the effectiveness of the alignment of IT and
enterprise strategic initiatives.
Monitor and assess current and future technologies and provide advice on the
costs, risks and opportunities that they bring.
Ensure that business takes ownership and accountability for business cases,
business transformation, organizational change, business process operation
and benefit realization for all IT-enabled business investments.

Ensure that all IT-enabled investments are managed as a portfolio of


investments.

Ensure that all IT-enabled investments are managed as programs and include
the full scope of activities and expenditures that are required to achieve
business value.

Ensure that all IT-enabled investments are managed through their full
economic life cycle so that value is optimized.

Recognize that different categories of investments need to be evaluated and


managed differently.
Ensure that all IT solutions are developed and maintained effectively and
efficiently through the development life cycle to deliver the required
capabilities.
Ensure that all IT services are delivered to the business with the right service
levels.
Ensure that IT services enable the business to create the required business
value using assets (people, applications, infrastructure and information) to
deliver the appropriate capabilities at optimal cost.

Define and monitor appropriate metrics for the measurement of solution and
service delivery against objectives and for the measurement of benefits
realized, and respond to changes and deviations.

Engage all stakeholders and assign appropriate accountability for delivery of


business and IT capabilities and realization of benefits.
Ensure that IT investments, solutions and services are aligned with the
enterprise strategies and architecture
Ensure that IT risk identification, assessment, mitigation, management,
communication and monitoring strategies are integrated into business
strategic and tactical planning processes.
Align the IT risk management processes with the enterprise business risk
management framework (where this exists).
Ensure a consistent application of the risk management framework across the
enterprise IT environment.

Ensure that risk assessment and management is included throughout the


information life cycle.
Define risk management strategies, and prioritize responses to identified risks
to maintain risk levels within the appetite of the enterprise.
Ensure that risk management strategies are adopted to mitigate risk and to
manage to acceptable residual risk levels.

Implement timely reporting on risk events and responses to appropriate levels


of management (including the use of key risk indicators, as appropriate).

Implement timely reporting on risk events and responses to appropriate levels


of management (including the use of key risk indicators, as appropriate).

Establish monitoring processes and practices to ensure the completeness and


effectiveness of established risk management processes.
Ensure that the requirements for trained resources with the requisite skill sets
are understood and are assessed appropriately.
Ensure the existence of appropriate policies for the training and development
of all staff to help meet enterprise requirements and personal/professional
growth.
Develop and facilitate the maintenance of systems to record the resources
available and potentially available to the enterprise.
Undertake gap analyses to determine shortfalls against requirements to ensure
that the business and IT resources (people, application, information,
infrastructure) are able to meet strategic objectives.
Effectively and efficiently ensure clear, consistent and enforceable human
resource allocation to investment programs and services.
Ensure that sourcing strategies are based on the effective use of existing
resources and the identification of those that need be acquired.
Ensure that people, hardware, software and infrastructure procurement
policies exist to effectively and efficiently fulfill resource requirements.

Through periodic assessment of the training requirements for human


resources, ensure that sufficient, competent and capable human resources are
available to execute the current and future strategic objectives and that they
are kept up to date with constantly evolving technology.
Ensure integration of resource identification, classification, allocation and
periodic evaluation processes into the businesss strategic and tactical
planning and operations.
Ensure that the IT infrastructure is standardized; economies of scale are
achieved, wherever possible; and interoperability exists, where required, to
support the agility needs of the enterprise.
Ensure that IT assets are managed and protected through their economic life
cycle and are aligned with current and long-term business operations
requirements to support cost-effective achievement of business objectives
Establish the enterprise's strategic IT objectives, with the board of directors
and executive leadership team, categorized into four areas: financial (business
contribution), customer (user orientation), internal process (operational
excellence), learning and growth (future orientation), or whatever areas are
appropriate for the enterprise.

Establish outcome and performance measures, supported by metrics, and


targets that assess progress toward the achievement of enterprise and IT
objectives and the business strategy.
Evaluate IT process performance, track IT investment portfolio performance,
and measure IT service delivery through the use of outcome measures and
performance drivers.
Use maturity models and other assessment techniques to evaluate and report
on the health of the enterprises performance level.
Use continuous performance measurement to identify, prioritize, initiate and
manage improvement initiatives and/or appropriate management action.
Report relevant portfolio, program and IT performance to relevant stakeholders
in an appropriate, timely and accurate manner

No.
PO1.4
PO4.5
PO6.1

CobiT
Contols
Description
IT Stratetic Plan
IT Organizational Structure
IT Policy and Control Environment

ME4.1
PO1.2
PO4.1

Establishment of an IT Governance Framework


Business-IT Alignment
IT Process Framework

ME4.1

Establishment of an IT Governance Framework

PO4.2

IT Strategy Committee

PO4.3

IT Steering Committee

PO4.5
PO1.1
ME4.3
PO1.2

IT Organizational Structure
IT Value Management
Value Delivery
Business-IT Alignment

ME3.1

Identification of External Legal, Regulatory and


Contractual Compliance Requirements

ME3.2

Optimization of Response to External Requriements

ME3.3

Evaluation of Compliance With External


Requirements

PO3.3

Monitor Future Trends and Regulations

ME4.7

Independent Assurance

PO1.5

IT Tactical Plans

PO6.4

Policy, Standard and Procedures Rollout

ME4.1

Establishment of an IT Governance Framework

ME4.2

Strategic Alignment

PO4 .6
ME4.6
ME 3.5

Establishment of Roles and Responsibilities


Performance Measurement
Integrated Reporting

PO6.4

Policy, Standard and Procedures Rollout

PO6.5

Communication of IT Objetive and Direction

ME4.1
PO1.4
PO1.5
PO2.1

Establishment of an IT Governance Framework


IT Stratetic Plan
IT Tactical Plans
Enterprise Information Architecture model

PO6.3

IT Policies Management

PO6.1

IT Policy and Control Environment

PO6.5

Communication of IT Objetive and Direction

PO4.6

Establishment of Roles and Responsibilities

PO1.2

Business-IT Alignment

ME4.3

Value Delivery

PO1.4
PO6.3

IT Stratetic Plan
IT Policies Management

PO6.4

Policy, Standard and Procedures Rollout

ME4.2

Strategic Alignment

PO3.3

Monitor Future Trends and Regulations

PO1.1

IT Value Management

PO5.1

Financial Management Framework

ME4.1
PO1.6
PO5.1

Establishment of an IT Governance Framework


IT Portfolio Management
Financial Management Framework

ME4.1
PO1.1
PO5.1
PO10.1
PO10.2

Establishment of an IT Governance Framework


IT Value Management
Financial Management Framework
Programme Management Framework
Project Management Framework

ME4.1
ME4.3
PO5.2
ME4.3

Establishment of an IT Governance Framework


Value Delivery
Prioritization within IT Budget
Value Delivery

PO10.3
PO5.1

Project Management Approach


Financial Management Framework

PO10.7

Integrated Project Plan

PO5.5
PO1.1
DS1.3
DS1.4

Benefit Management
IT Value Management
Service Level Agreements
Operating Level Agreements

PO5.3

IT Budgeting

PO5.4

Cost Management

PO10.13
ME 1.1
ME 1.2
ME 1.4
ME 1.5
ME 1.6

Project Peformane Measurement, Reporting and


Monitoring
Monotoring Approach
Definition and collection of Monitoring Data
Performance Assessment
Board and Executive Reporting
Remedial Actions

DS 1.5
PO1.1

Monitoring and Reporting of Service Level


Achievements
IT Value Management

PO5.5

Benefit Management

ME4.2

Strategic Alignment

PO4.8
PO9.1
PO9.4

Responsibility of Risk, Security and Compliance


IT Risk Management Framework
Risk Assessment

PO9.1

IT Risk Management Framework

PO4.8
PO9.2
PO10.9
DS2.3
PO9.2
PO10.9

Responsibility of Risk, Security and Compliance


Establishment of Risk Context
Project Risk Management
Supplier Risk Management
Establishment of Risk Context
Project Risk Management

ME4.5
PO9.2
PO9.3
PO9.4
PO9.5
ME4.5
AI1.2
PO9.3

Risk Management
Establishment of Risk Context
Event Identification
Risk Assessment
Risk Response
Risk Management
Risk Analysis Report
Event Identification

PO9.6

Maintenance and Monitoring of Risk Action Plan

PO9.6

Maintenance and Monitoring of Risk Action Plan

ME4.5
PO7.1
PO7.2

Risk Management
Personnel Recruitment and Retention
Personnel Competencies

DS7.1

Identification of Education and Training Needs

PO7.3

Staffing of Roles

PO7.4

Personnel Tranining

PO4.12

IT Stagging

PO4.1

IT Process Framework

PO7.1

Personnel Recruitment and Retention

ME4.4

Resource Management

PO4.5

IT Organizational Structure

PO7.2

Personnel Competencies

AI5.1

Procurement Control

ME4.4

Resource Management

PO1.3
PO4.5
PO7.1
PO7.2
PO7.7
PO1.4
PO1.5
ME4.4

Assessment of Current Capability and Performance


IT Organizational Structure
Personnel Recruitment and Retention
Personnel Competencies
Employee Job Performance Evaluation
IT Strategic Plan
IT Tactical Plans
Resource Management

PO3.2

Technbology Infrastructure Plan

PO1.5

IT Tactical Plans

PO5.2

Prioritization within IT Budget

PO1.4

IT Strategic Plan

PO5.1

Financial Management Framework

ME1.1

Monitoring Approach

ME1.3

Monitoring Method

ME1.2
ME1.3
ME1.4

Definition and collection of Monitoring Data


Monitoring Method
Performance Assessment

ME1.4

Performance Assessment

ME4.3

Value Delivery

ME1.4

Performance Assessment

ME1.6

Remedial Actions

ME1.5

Board and Executive Reporting

ME4.6

Performance Measurement

Mapping Matrix - COBIT/CGEIT


Applicable Cobit Control Objectives for CGEIT: 66
COBIT
Sr.
No.

Domain

Process

PO1 - Define a
Strategic IT Plan

PO2 - Define the


Information
Architecture

Control Objective
PO1.1 - IT Value Management
PO1.2 - Business-IT Alignment
PO1.3 - Assessment of Current Capability
and Performance
PO1.4 - IT Strategic Plan
PO1.5 - IT Tactical Plans
PO1.6 - IT Portfolio Management
PO2.1 - Enterprise Information Architecture
Model
PO2.2 - Enterprise Data Dictionary and
Data Syntax Rules
PO2.3 - Data Classification Schema
PO2.4 - Integrity Management
PO3.1 - Technological Direction Planning

PO3.2 - Technology Infrastructure Plan


PO3 - Determine
Technological Direction PO3.3 - Monitor Future Trends and
Regulations
PO3.4 - Technology Standards
PO3.5 - IT Architecture Board
PO4.1 - IT Process Framework
PO4.2 - IT Strategy Committee
PO4.3 - IT Steering Committee
PO4.4 - Organizational Placement of IT
Function
PO4.5 - IT Organizational Structure
PO4.6 - Establishment of Roles and
Responsiblities
PO4 - Define the IT
Processes,
Organization and
Relationship

PO4.7 - Responsibility of IT Quality


Assurance
PO4.8 - Responsibility of Risk, Security and
Compliance
PO4.9 - Data and System Ownership
PO4.10 - Supervision
PO4.11 - Segregation of Duties
PO4.12 - IT Stagging

PO4.13 - Key IT Personnel


PO4.14 - Contracted Staff Policies and
Procedures
PO4.15 - Relationships
PO5.1 - Financial Management Framework
PO5 - Manage the IT
Investment

PO5.2
PO5.3
PO5.4
PO5.5

Prioritization within IT Budget


IT Budgeting
Cost Management
Benefit Management

PO6.1 - IT Policy and Control Environment

Plan and
Orgnanize
(PO)

PO6.2 - Enterprise IT Risk and Control


Framework
PO6 - Communicate
Management Aims and PO6.3 - IT Policies Management
Directions
PO6.4 - Policy, Standard and Procedures
Rollout
PO6.5 - Communication of IT Objective and
Direction

PO7 - Manage IT
Human Resources

PO7.1 - Personnel Recruitment and


Retention
PO7.2 - Personnel Competencies
PO7.3 - Staffing of Roles
PO7.4 - Personnel Tranining
PO7.5 - Dependence Upon Individuals
PO7.6 - Personnel Clearance Procedures
PO7.7 - Employee Job Performance
Evaluation
PO7.8 - Job change and Termination
PO8.1 - Quality Management System
PO8.2 - IT Standards and Quality Practices

PO8 - Manage Quality

PO8.3 - Development and Acquisition


Standards
PO8.4 - Customer Focus
PO8.5 - Continuous Improvement
PO8.6 - Quality Measurement, Monitoring
and Review

PO9 - Assess and


Manage IT Risks

PO9.1
PO9.2
PO9.3
PO9.4

IT Risk Management Framework


Establishment of Risk Context
Event Identification
Risk Assessment

PO9 - Assess and


Manage IT Risks
PO9.5 - Risk Response
PO9.6 - Maintenance and Monitoring of Risk
Action Plan
PO10.1 - Programme Management
Framework
PO10.2 - Project Management Framework

PO10 - Manage
Projects

PO10.3 - Project Management Approach


PO10.4 - Stakeholder Commitment
PO10.5 - Project Scope Statement
PO10.6 - Project Phase Initiation
PO10.7 - Integrated Project Plan
PO10.8 - Project Resources
PO10.9 - Project Risk Management
PO10.10 - Project Quality Plan
PO10.11 - Project Change Control
PO10.12 - Project Planning of Assurance
Methods
PO10.13 - Project Peformane Measurement,
Reporting and Monitoring
PO10.14 - Project Closure

AI1 - Identify
Automated Solution

AI1.1 - Definition and Maintenance of


Business Functional and Technical
Requirements
AI1.2 - Risk Analysis Report
AI1.3 - Feasibility Study and Formulation of
Altenative Courses of Action
AI1.4 - Requirements and Feasibility
Decision and Approval
AI2.1 - High Level Design
AI2.2 - Detailed Design
AI2.3 - Application Control and Auditability
AI2.4 - Application Security and Availability

AI2 - Aquire and


Maintain Application
Software

AI2.5 - Configuration and Implementation of


Acquired Application Software
AI2.6 - Major Upgrades of Existing Systems
AI2.7 - Development of Application
Software

Software

AI2.8 - Software Quality Assurance


AI2.9 - Applications Requirements
Management
AI2.10 - Application Software Maintenance

Aquire and
Implement
(AI)

AI3 - Acquire and


Maintain Technology
Infrastructure

AI3.1 - Technological Infrastructure


Acquisition Plan
AI3.2 - Infrastructure Resource Protection
and Availability
AI3.3 - Infrastructure Maintenance
AI3.4 - Feasibility Test Environment
AI4.1 - Planning for Operational Solutions

AI4.2 - Knowledge Transfer to Business


AI4 - Enable Operation Management
and Use
AI4.3 - Knowledge Transfer to End Users

AI5 - Procure IT
Resources

AI4.4 - Knowledge Transfer to Operations


and Support Staff
AI5.1 - Procurement Control
AI5.2 - Supplier Contract Management
AI5.3 - Supplier Selection
AI5.4 - IT Resources Acquisition
AI6.1 - Change Standards and Procedures

AI6.2 - Impact Assessment, Prioritization


and Authorization
AI6 - Manage Changes AI6.3 - Emergency Changes
AI6.4 - Changes Status Tracking and
Reporting
AI6.5
AI7.1
AI7.2
AI7.3
AI7.4
AI7 - Install and
Accredit Solutions and AI7.5
Changes
AI7.6
AI7.7
AI7.8
AI7.9

DS1 - Define and


Manage Service Levels

Change Closure and Documentation


Training
Test Plan
Implementation Plan
Test Environment
System and Data Conversion
Testing of Changes
Final Acceptance Test
Promotion to Production
Post Implementation Review

DS1.1 - Service Level Management


Framework
DS1.2 - Definition of Services
DS1.3 - Service Level Agreements

DS1 - Define and


DS1.4 - Operating Level Agreements
Manage Service Levels
DS1.5 - Monitoring and Reporting of Service
Level Achievements
DS1.6 - Review of Service Level
Agreements and Contracts
DS2.1 - Identification of All Supplier
Relationships
DS2 - Manage ThirdParty Services

DS2.2 - Supplier Relationship Management


DS2.3 - Supplier Risk Management
DS2.4 - Supplier Performance Monitoring
DS3.1 - Performance and Capacity Planning

DS3 - Manage
Performance and
Capacity

DS3.2 - Current Performance and Capacity


DS3.3
DS3.4
DS3.5
DS4.1
DS4.2
DS4.3

Future Performance and Capacity


IT Resources Availability
Monitoring and Reporting
IT Continuity Framework
IT Continuity Plans
Critical IT Resources

DS4.4 - Maintenance of IT Continuity Plan


DS4 - Ensure
Continuous Service

DS4.5 - Testing of the IT Continuity Plan


DS4.6 - IT Continuity Plan Training
DS4.7 - Distribution of IT Continuity Plan
DS4.8 - Service Recovery and Resumption
DS4.9 - Offsite Backup Storage
DS4.10 - Post-Resumption Review
DS5.1 - Management of IT Security
DS5.2 - IT Security Plan
DS5.3 - Identity Management
DS5.4 - User Account Management

DS5 - Ensure Systems


Security

DS5.5 - Security Testing, Surveillance and


Monitoring
DS5.6 - Security Incident Definition
DS5.7 - Protection of Security Technology
DS5.8 - Cryptographic Key Management

Deliver and

Security

Deliver and
Support (DS)
DS6 - Identify and
Allocate Costs

DS5.9 - Malicious Software Prevention,


Detection and Correction
DS5.10 - Network Security
DS5.11 - Exchange of Sensitive Data
DS6.1 - Definition of Services
DS6.2 - IT Accounting
DS6.3 - Cost Modeling and Charging
DS6.4 - Cost Model Maintenance
DS7.1 Identification of Education and
Training Needs

DS7 - Educate and


Train Users

DS7.2 - Delivery of Training and Education


DS7.3 - Evaluation of Training Received
DS8.1 - Service Desk

DS8 - Manage Service


Desk and Incidents

DS9 - Manage the


Configuration

DS8.2
DS8.3
DS8.4
DS8.5

Registration of Customer Queries


Incident Escalation
Incident Closure
Reporting and Trend Analysis

DS9.1 - Configuration Repository and


Baseline
DS9.2 - Identification and Maintenance of
Configuration Items
DS9.3 - Configuration Integrity Review
DS10.1 - Indentification and Classification
of Problems

DS10 - Manage
Problems

DS10.2 - Problem Tracking and Resolution


DS10.3 - Problem Closure
DS10.4 - Integration of Configuration,
Incident and Problem Management
DS11.1 - Business Requirements for Data
Management
DS11.2 - Storage and Retention
Arrangements

DS11 - Manage Data

DS12 - Manage the


Physical Environment

DS11.3 - Media Library Management


System
DS11.4 - Disposal
DS11.5 - Backup and Restoration
DS11.6 - Securiyt Requirements for Data
Management
DS12.1 - Site Selection and Layout
DS12.2 - Physical Security Measures
DS12.3 - Physical Access

DS12 - Manage the


Physical Environment

DS12.4 - Protection Against Environmental


Factors
DS12.5 - Physical Facilities Management

DS13 - Manage
Operations

DS13.1 - Operations Procedures and


Instructions
DS13.2 - Job Scheduling
DS13.3 - IT Infrastructrure Monitoring
DS13.4 - Sensitive Documents and Output
Devices
DS13.5 - Preventive Maintenance for
Hardware
ME1.1 - Monotoring Approach

ME1 - Monitor and


Evaluate IT
Performance

ME1.2 - Definition and collection of


Monitoring Data
ME1.3 - Monitoring Method
ME1.4 - Performance Assessment
ME1.5 - Board and Executive Reporting
ME1.6 - Remedial Actions

ME2 - Monitor and


Evaluate Internal
Control

ME2.1 - Monitoring of Internal Control


Framework
ME2.2 - Supervisory Review
ME2.3 - Control Exceptions
ME2.4 - Control Self-assessment
ME2.5 - Assurance of Internal Control
ME2.6 - Internal Control at Third Parties
ME2.7 - Remedial Actions

Monitor and
Evaluate
(ME)

ME3.1 - Identification of External Legal,


Regulatory and Contractual Compliance
Requirements
ME3.2 - Optimization of Response to
ME3 - Ensure
External Requriements
Compliance With
External Requriements ME3.3 - Evaluation of Compliance With
External Requirements
ME3.4 - Positive Assurance of compliance
ME3.5 - Integrated Reporting

ME4 - Provide IT
Governance

ME4.1 - Establishment of an IT Governance


Framework
ME4.2 - Strategic Alignment
ME4.3 - Value Delivery
ME4.4 - Resource Management
ME4.5 - Risk Management

ME4 - Provide IT
Governance
ME4.6 - Performance Measurement
ME4.7 - Independent Assurance

IT Governance Framework (Domain 1)

Strategic Alignm
TS1 TS1
TS1 TS2 TS3 TS4 TS5 TS6 TS7 TS8 TS9 0
1
TS1 TS2 TS3 TS4
X
X
X

X
X

X
X
X

X
X

X
X

X
X

X
X
X

X
X

X
X
X

X
X

CGEIT
Value Delivery (Domain 3)

Strategic Alignment (Domain 2)

TS1 TS1 TS1


TS5 TS6 TS7 TS8 TS9 0
1
2
TS1 TS2 TS3 TS4 TS5 TS6 TS7
X
X
X
X

X
X

X
X

X
X
X

X
X
X

X
X

CGEIT
ry (Domain 3)

Risk Management (Domain 4)


Resource Mana
TS1 TS1
TS8 TS9 0
1
TS1 TS2 TS3 TS4 TS5 TS6 TS7 TS8 TS1 TS2 TS3
X

X
X
X

X
X
X
X

X
X

X
X
X

X
X

X
X
X
X
X

Resource Management (Domain 5)

Performance Measrt (Domain 6)


TS1 TS1
TS4 TS5 TS6 TS7 TS8 TS9 0
1
TS1
TS2 TS3
TS4 TS5 TS6

X
X
X

X
X

X
X

X
X

X
X
X

X
X
X

X
X