cgeitexamprep intro 032310

CGEIT EXAM PREP #1 1

Copyright ©2010 Tunitas Group. All rights reserved. This presentation material may be used solely by participants in SF‐ISACA’s 2010 CGEIT Preparation Class. No other use is permitted without express written authorization.

Intro to CGEIT Exam PrepMarch 23, 2010

Bill P kBill PankeyTunitas Group

Today’s Agenda

• Introductions– About me

2

About me– About you

• Who is a CGEIT?• About the Qualifying CGEIT Exam– Subjective & Objective– Test Items

• CGEIT Exam Prep Course• Weekly Lectures• Readings• Practice Quizzes• Sample Test• Class Wiki• CPE



About MeI am a CGEIT

– June 2009 CGEIT Exam• Top 5% score (?)• Best domains (600+) : alignment risk management performance

3

Best domains (600+) : alignment, risk management, performance measurement

• Worst domains (~450): value delivery, resource management

– Background as software applications strategist & developer↑ alignment

– Background as security architect, engineer, auditor↑ risk management

– Academic background in mathematical statistics, abstract & li d t thapplied measurement theory

↑performance measurement

X MBA or executive management experience↓value delivery, resource management

Partner at Tunitas Group, an IT risk management consulting firm– strong focus in the US health sector

About You

Variety of credentials

4

25%

50%

0%

CISA CISM CISSP PMP ITIL COBIT MBA

Series1



About You

Varying perceived strengths

5

Frameworks

Ri k

Value

AlignmentMeasurement

Resource

WEA

K →

50

Risk

% STRONG →

%

50

Who is a CGEIT?

A professional occupying a significant management [executive], advisory [consultant], or assurance [audit] role relating to the

6

governance of IT. – Provides significant support to Board of Directors and/or executive management

– Leads in establishing IT infrastructure & process• Focus on the oversight of IT management, not IT

tmanagement per se– E.g., control over change management process vs. management of changes

• Experience in establishing \ maintaining an IT governance framework



Who is a CGEIT ‐> Exam Prep Strategy

Develop and maintain a “CGEIT Perspective” of the task areas and study materials in particular how various

7

areas and study materials, in particular, how various knowledge | results |outputs ‐>

1. are relevant to executive and / or board decisions

2. organize, control or monitor IT processes

3. impact performance of the business

• Create value (financial and otherwise)

• Reduce extraordinary losses, write offs, penalties, claims, etc

8

About the Exam

Test ItemsReactionsResults

Lessons LearnedMore Results

Study Recommendations



About the CGEIT Exam

120 Questions | 4 hours (!)seems like massive amount of time; but some use it all

9

seems like massive amount of time; but some use it all

ISO 17024 certification of CGEIT credential (future) requirement to “criterion” vs “norm” reference of scoring

• score against an ‘objective’ rather than ‘relative’ standard of competence

5 Governance domains + Frameworks5 Governance domains + Frameworksstrategic alignment; value delivery, risk management, resource management, performance delivery

– Many questions have multiple aspects & can be answered from different domain perspectives• ISACA seeking ‘single, best’ answer

About the CGEIT Exam

Exam tests judgment about CGEIT related tasksD N t i it ti f f t i CGEIT b i

10

– Does Not require recitation of facts in CGEIT basic references

– Cannot be answered though simple recitation of facts

– Some questions do not give ‘enough information’ to determine the answer• requires use of candidates knowledge & experience to answer in terms of most probable scenario

– Nuance and subtlety



About the CGEIT Exam: Question Formats

2 question formats:

11

1. Simple ‘concept & keyword’Test knowledge of ‘best’ | ‘good’ practice

2. Company IT scenario followed by several questions regarding best course of action in that scenariothat scenario

Test judgment regarding application of best practice to novel situation

Sample Concept & Keyword Question*

1‐2 The MOST effective way to implement IT governance in an enterprise is through the use of a:

12

governance in an enterprise is through the use of a:

A. business case.

B. IT balanced scorecard.

C. phased life cycle.

D. set of IT performance metrics.

* From CGEIT Study Guide



Sample ‘Scenario’ Question

To enhance its consumer oriented ecommerce business, Company A acquires a small (15 person) web development

13

Company A acquires a small (15 person) web development company. To accelerate the return on this investment, the company should:A. Keep the web company in tact as a wholly owned subsidiary

with its own P&L reporting

B. Keep the web company development teams in tact, its leaders reporting to the CTO or VP applications

C. Assign the web company developers to existing development teams within Company A

D. Organize the web company as a new business unit reporting to the CIO. Assign Company A resources to it as required.

About the CGEIT Exam: ISACA

From ISACA exam committee:

14

– Claim: CGEIT exam has same level of reliability & validity as do other ISACA exams

• ISACA will not release actual psychometric measures

• Skepticism about this result

– Small item bank (~500 items)

Discount the CGEIT basic references

– Item responses are only generally bound to basic references (i.e. page # and text)



About the CGEIT Exam: Post Test Reactions

After taking exam, and before notice of results:

15

June 2009 candidates, report surprise• Exam was too easy |guarded optimism | “everyone will pass”• Disappointment that detailed knowledge of ISACA tools &

frameworks (e.g., COBIT, VALIT) was not tested

Participants in Fall 2009 CGEIT Prep Course report • Exam was generally as expectedExam was generally as expected• 90% of candidates confident that they answered more than

70% of items correctly• 95% of candidates identify one or more domains where they

thought they may have underperformed

About the CGEIT Exam: Reality

16

~50% Fail



About the CGEIT Exam: Score Distribution*: Scaled Total Test Scores**

17

→ PassFail←

<300 300 ‐ 350 350 ‐ 400 400 ‐ 450 450 ‐ 500 500 ‐ 550 550 ‐ 600 600 ‐ 650 650 ‐700 > 700

25%→ Pass Fail ←

Median Score: 43270% Percentile: 47690% Percentile: 524

Average: 438

* Survey of June 09 & Dec 09 candidates ** Weighted Average of Domain Scores

About the CGEIT Exam: Post Result Reactions

Some comments:• I didn't pass I'm just can't believe it This is the first exam I've ever not

18

• I didn t pass. I m just can t believe it. This is the first exam I ve ever not passed.

• Many questions seemed straight forward however it was not the case.

• [Exam] is unpredictable and gives the sense of mere luck in passing the exam [rather] than obtaining and demonstrating real knowledge… no boundaries, questions are misleading with more [than]one close answer...

• Exam is very practice oriented• Exam is very practice oriented ...

☼Overall, I think the lesson to be learned is that governance is not an exact body of knowledge, it is a combination of practical sense and experience in the field. Study well, but trust your instincts.



Candidate Reaction ‐> Exam Prep Strategy

Focus on the real world practice of IT governance

19

Ask the ‘what’ and ‘how’ like study questions– What is the problem being solved?

– How does one know that there is a problem?

– What are the barriers to solving the problem?

– Who will solve the problem?

– How will the problem be solved?

– How will one know that the problem has been solved?

Avoid a study of facts about IT governance

About the CGEIT Exam: Domain Scores

median 90th % 70th % 25th % averagePas s Rate*

20

Frameworks 459 595 561 390 463 59%

Strategic Alignment 334 567 451 276 379 38%

Value Delivery 429 491 429 305 397 26%

Risk Management 485 660 533 440 492 53%

Resource Management 501 648 536 354 480 65%gPerformance Measurement 376 517 446 305 394 26%

* % of candidates scoring above 450, the ‘minimum competency’ level



About the CGEIT Exam:

Domain Scores*: Strategic Alignment

21

<300 300 ‐ 350 350 ‐ 400 400 ‐ 450 450 ‐ 500 500 ‐ 550 550 ‐ 600 600 ‐ 650 650 ‐700 > 700

25%


Average: 379

* Survey of June 09 & Dec 09 candidates


Domain Scores*: Value Delivery

22

<300 300 ‐ 350 350 ‐ 400 400 ‐ 450 450 ‐ 500 500 ‐ 550 550 ‐ 600 600 ‐ 650 650 ‐700 > 700

25%


Average: 397





Domain Scores*: Performance Measurement

23

<300 300 ‐ 350 350 ‐ 400 400 ‐ 450 450 ‐ 500 500 ‐ 550 550 ‐ 600 600 ‐ 650 650 ‐700 > 700

25%


Average: 394



Whole Part Correlations

24

Fram Alig

Man

a RMan

a

Perfo

Measu

mew

orks

gnment

Valu

e

Delive

ry

Risk

agement

Resource

age

ment

orm

ance

uremen

t

Correlation w/ Total TestScore

.71 .66 .81 .28 .55 .43

Domain Weight

25% 15% 15% 20% 13% 12%Weight

Pass rate | domain score > 450*

.82 .9 1. .66 .5 .66

* Estimated conditional probability of passing the exam, given at least minimal competency in the specified domain



Exam Prep Study StrategyFocus on areas of weakness

1. Strategic alignment↓ Context for business value of IT

25

↓

2. Value Delivery↓ Business value of IT↓ Management of IT’s business value

3. Performance Measurement• Measurement of IT’s business value

Review competencies in remaining areas– Risk Management– Resource management– Frameworks

Practice exam strategy and skills

26

About CGEIT Exam Prep

WebinarsReading MaterialSample Test Items

WikiCPE

Practice Exam



Weekly Class Lectures

• Weekly (Tuesday) webinars focused on single topics

27

topics

– 6:30‐8:00 PM PDT (GMT‐7)

–Webinar component: http://tinyurl.com/cgeitPrep

or http://dimdim.dimdim.com/bpankey

Di l i– Dial‐in:1‐641‐715‐3635 with Passcode: 675‐176#

Webinar Download Site

28



Study Materials: Reading

1. Exam Committee discounts the CGEIT basic references Board Briefing on IT Governance : tedious but essential

29

COBIT | VAlIT | RISKIT: Read overviews, details non‐essentialGovernance in the Extended Enterprise: interesting|non‐essentialFrameworks for IT Management: interesting but non‐essential

2. Books related to IT governancehttp://www.amazon.com/CGEIT‐EXAM‐PREP/lm/R3E4TNHMDEML4S/ref=cm_lm_byauthor_title_fullNote: I have no financial interest w/ Amazon.comNote: I have no financial interest w/ Ama on.com

3. Trade JournalsISACA JournalCIO Journal

4. CGEIT Study GuideHave not reviewed | No recommendation

Study Materials: ISACA Journal

30



31

Practice Test Items• Practice test items developed for Spring | Fall 2009 CGEIT Prep– concepts & keywords

32

p y

– Scenario

• Available online through various ‘survey’ engineshttp://www.tunitas.com/cgeit/CGEITResources_Fall2009.htm



“Concepts & Keywords” test items

Surveygizmo and word document formats

33

Questions are probably more obvious* that what is on the exam

* Obvious does not mean easier

Scenario Type Questions

From Fall 2009 CGEIT Prep

Week # Practice Test Items

• MicroPoll.com

• compare your response w/

34

• compare your response w/ those of other candidates

B Pankey response selection and rationale are contained in the corresponding weeks PowerPoint

These test scenarios may be more difficult / nuanced that those on the actual exam.



Class Wiki

All persons on class list registered as members / itt d t b it it

35

permitted to submit items

– Test item discussions

– “Axioms” of good governance

http://cgeitexamprep wikispaces comhttp://cgeitexamprep.wikispaces.com

CPE

Upon request, will provide CPE certificates

36

for candidates for whom I can verify attendance.

•Webinar login & / or dial‐in call logs

1.5 CPE per session

‘IT ’•‘IT governance’ domain for CISA

•??? for others

Make request at end of course



Practice Test

~May 25: 60 item practice test

37

1. Take under test conditions (2 hours | paper & pencil | no reference material)

2. Scoring sheet available June 1

June 5 / 6: Exam review sessionsJune 5 / 6: Exam review sessions

Multiple webinar sessions at different times to accommodate international audience

38

Final Questions

Next Session:

Overview of IT Governance

cgeitexamprep intro 032310

Documents

study materials

best domains