ISACA CGEIT Enterprise IT Governance Practice Test

Try 12 original Certified in the Governance of Enterprise IT (CGEIT) sample questions on governance frameworks, value delivery, resource optimization, risk oversight, performance, and accountability, then use the Notify me form for IT Mastery practice updates.

Certified in the Governance of Enterprise IT (CGEIT) is an ISACA governance route for candidates who work with enterprise IT value delivery, risk oversight, resource optimization, and performance measurement.

Use these 12 original sample questions for initial self-assessment. The full IT Mastery route for CGEIT is not available yet; try the preview and use the Notify me form if this is your target route.

What this route should test

  • choosing governance actions instead of operational fixes
  • connecting technology investments to value, risk, resources, and performance
  • recognizing board, executive, management, and operational responsibilities
  • interpreting metrics, accountability, and oversight decisions

Common candidate trap

CGEIT is about governance, not day-to-day administration. The best answer often clarifies accountability, oversight, value, risk, resources, and performance rather than solving the operational problem directly.

Sample Exam Questions

These questions are original IT Mastery preview items for enterprise IT governance judgment. They are not official ISACA exam questions.

Question 1

Topic: governance versus management

A major IT program is late and over budget. What is the governance body’s best role?

  • A. Rewrite the project schedule personally
  • B. Review performance, risk, value, accountability, and corrective-action oversight
  • C. Configure the project-management tool
  • D. Assign daily developer tasks

Best answer: B

Explanation: Governance provides oversight and accountability. Management handles day-to-day execution, while governance evaluates performance, risk, value, and corrective direction.


Question 2

Topic: value delivery

An IT investment delivered on time but did not produce the expected business benefit. What should governance focus on?

  • A. Declaring the project successful because the technical scope was delivered
  • B. Hiding the benefit gap
  • C. Replacing all project staff
  • D. Benefit realization, accountability, lessons learned, and whether value measures were defined correctly

Best answer: D

Explanation: Value delivery is not only technical completion. Governance should track whether intended benefits were defined, owned, measured, and realized.


Question 3

Topic: resource optimization

Several strategic initiatives depend on the same scarce cybersecurity architects. What should governance require?

  • A. A resource-prioritization decision based on strategy, risk, capacity, and value
  • B. Every initiative to proceed at full speed
  • C. Architects to work without limits
  • D. Removal of all security architecture review

Best answer: A

Explanation: Resource optimization requires prioritization. Governance should align scarce resources to strategy, risk, and value rather than overcommitting capacity.


Question 4

Topic: performance measurement

The board receives IT reports full of server uptime metrics but no business-value indicators. What is the main weakness?

  • A. Uptime should never be reported
  • B. Technical metrics are illegal
  • C. Measures do not connect IT performance to business outcomes, value, and risk
  • D. The report has too few charts

Best answer: C

Explanation: Governance metrics should support oversight. Technical measures may be useful, but they should connect to business outcomes, risk, value, and accountability.


Question 5

Topic: risk oversight

A cloud migration creates new third-party concentration risk. What should governance ensure?

  • A. The risk is ignored because cloud is strategic
  • B. Only the cloud team knows about the risk
  • C. The vendor makes all decisions
  • D. Risk is assessed, assigned to accountable owners, monitored, and considered in decision-making

Best answer: D

Explanation: Governance does not eliminate risk by approving a strategy. It ensures risks are understood, owned, monitored, and considered against appetite.


Question 6

Topic: accountability

A digital transformation program has no single owner for benefit realization. What should be corrected?

  • A. The program name
  • B. Clear accountability for expected outcomes, decisions, metrics, and reporting
  • C. The colour of the dashboard
  • D. The number of status meetings only

Best answer: B

Explanation: Governance depends on accountability. Without an owner for outcomes and metrics, benefit realization becomes weak.


Question 7

Topic: governance framework

An organization adopts an IT governance framework but treats it as a checklist with no decision rights. What is missing?

  • A. Defined structures, roles, decision rights, accountability, and performance monitoring
  • B. More technical acronyms
  • C. A larger policy font
  • D. A separate framework for every team

Best answer: A

Explanation: Framework adoption should clarify how governance works. Decision rights, roles, accountability, and monitoring matter more than checklist adoption.


Question 8

Topic: strategic alignment

IT proposes a platform investment with unclear connection to enterprise strategy. What should governance ask first?

  • A. Whether the platform name sounds modern
  • B. Whether the vendor is popular
  • C. Which strategic objective, business capability, risk reduction, or measurable value the investment supports
  • D. Whether all departments like the logo

Best answer: C

Explanation: Strategic alignment connects IT investment to enterprise goals. Governance should require a clear business rationale and value measure.


Question 9

Topic: portfolio oversight

A portfolio contains many small projects that individually look useful but collectively exceed budget and capacity. What is the governance issue?

  • A. Portfolio prioritization, dependency, capacity, and value oversight are weak
  • B. Small projects never need governance
  • C. Budgets are irrelevant
  • D. Capacity should be ignored

Best answer: A

Explanation: Portfolio governance considers the whole set of investments. Capacity, dependencies, budget, risk, and value must be managed across the portfolio.


Question 10

Topic: stakeholder reporting

Executive reports show green status even though business users report poor adoption. What should governance challenge?

  • A. The use of any status colour
  • B. Whether performance reporting includes adoption, business outcomes, and stakeholder evidence
  • C. Whether users should be excluded from reporting
  • D. Whether the project can close with no benefit evidence

Best answer: B

Explanation: Governance reporting should reflect reality. Adoption and stakeholder outcomes are important value indicators, not noise.


Question 11

Topic: policy oversight

An IT policy exists but exceptions are approved informally and never reviewed. What should governance require?

  • A. More informal approvals
  • B. Deleting the policy
  • C. Ignoring exceptions
  • D. A formal exception process with ownership, risk evaluation, approval, expiry, and monitoring

Best answer: D

Explanation: Governance should ensure exceptions are controlled and transparent. Unreviewed exceptions can undermine policy and risk appetite.


Question 12

Topic: continuous improvement

A governance committee receives repeated audit findings about weak project benefit tracking. What is the best governance response?

  • A. Stop receiving audit reports
  • B. Ask audit to lower expectations
  • C. Require corrective action, ownership, timeline, and follow-up reporting for benefit tracking
  • D. Close the findings without action

Best answer: C

Explanation: Governance should act on repeated findings by requiring accountable remediation and follow-up, not by ignoring assurance feedback.

CGEIT quick checklist

Area | What to check
Accountability | Identify who owns decisions, outcomes, risks, resources, and benefits.
Value | Connect IT investments to measurable business outcomes.
Oversight | Use metrics that show risk, performance, adoption, and benefit realization.
Scope | Choose governance action, not operational task execution.

Revised on Monday, May 18, 2026