188 Enterprise Project Governance governance. It is maintained by the Offi ce of Government Commerce of the United Kingdom in conjunction with the IT Service Manage- ment. Although not specifically focused on IT governance, the related information is a reference source for IT function improvement projects. Others references are ISO 27001, with a focus on IT security; CMM (Ca- pability Maturity Model), aimed at software engineering; and TickIT, a qual- ity-management certification program for software development. ISO 31.000 focuses on risk management and exerts a strong influence on IT governance. A specific certification exists for governance in information technology. CGEIT (Certified in the Governance of Enterprise Information Technology) was cre- ated by the ISACA. Experienced professionals, with a minimum of five years of experience in a managing or advisory role in the governance and control of IT at an enterprise level, are eligible to obtain certification, provided they pass the four-hour exam and demonstrate adequate understanding of enterprise IT