Security.com

Certified Information Systems Auditor (CISA)

By Taina Teravainen

What is Certified Information Systems Auditor (CISA)?

The Certified Information Systems Auditor (CISA) is a certification and a globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.

This certification is issued by ISACA to people in charge of ensuring an organization's IT and business systems are monitored, managed and protected. It is presented after completion of a comprehensive testing and application process. It is designed for IT auditors, audit managers, consultants and security professionals.

Attaining CISA certification is considered beneficial because it is accepted by employers worldwide and is often requested for IT audit and security information management (SIM) positions. The certification provides the holder with greater visibility throughout the job application process since most recruiters prefer and keep an eye out for IT auditors with a CISA certification.

Responsibilities of a Certified Information Systems Auditor

The primary duties of a CISA include:

A CISA's responsibilities often extend beyond auditing controls. They are expected to work with management to confirm organizational processes and plans for the implementation and operation of deployed systems, and to promote the organization's objectives and strategies.

This includes evaluating:

After systems are implemented, CISAs must continue to monitor various areas to ensure successful deployment of the systems. This includes conducting project and post-implementation reviews. Other responsibilities include evaluating:

Once the system is implemented, the CISA is responsible for evaluating:

Finally, a CISA is responsible for working with management to ensure that the security standards, policies, procedures and controls within the organization preserve the integrity, confidentiality and availability of information assets.

How to become a Certified Information Systems Auditor

In order to become CISA certified, applicants must complete the following five steps:

  1. Successfully complete and pass the CISA exam.
  2. Apply for CISA certification.
  3. Adhere to ISACA's Code of Professional Ethics.
  4. Follow ISACA's Continuing Professional Education Program.
  5. Comply with ISACA's Information Systems Auditing Standards.

ISACA asks that all CISA applicants complete five years of professional IS auditing, control, assurance or security work, but substitutions and waivers can be obtained. For example, one year of IS experience or one year of non-IS auditing can be substituted for one year of experience. Also, 60 to 120 university semester credit hours -- a two-year to four-year degree -- can replace one or two years of experience, respectively. Two years as a full-time instructor in a related field at a university can also replace one year of experience.

Work experience must be within the 10 years prior to a candidate's application submission or within five years of a passed CISA exam. The candidate must also show adherence to ISACA's Code of Professional Ethics and Information Systems Auditing Standards. Once these criteria are met, the candidate can successfully apply for certification.

About the CISA exam

The CISA exam is open to any individual who expresses an interest in IS auditing, control and security. It is four hours long and consists of 150 multiple-choice questions set around five job practice domains:

A score of 450 or higher (scored on a scale of 200 to 800) is required to pass the exam. It can be taken at any time in testing locations worldwide and remotely online. The exam is offered in English, Chinese Mandarin Simplified, Chinese Traditional, French, German, Italian, Japanese, Korean, Spanish and Turkish.

How to prepare for the CISA exam

Individuals looking to prepare for the exam can take advantage of preparation materials available through ISACA. Many ISACA chapters also host CISA exam review courses. People preparing for the exam are advised to take as many practice tests as possible, in addition to studying the ISACA Review Manual and learning to think like an accountant.

Adopting an accountant's mindset is beneficial because most of the people who author the CISA exam questions work either as accountants or in the financial services industry. By thinking like an accountant, a test-taker can therefore gain a better understanding of the questions and answers and of the way they were written.

If a CISA candidate passes the exam, they will be sent the information needed to apply for the CISA certificate. However, they must first ensure they have met the work experience requirements.

How to maintain CISA certification

CISA applicants and certification holders must abide by ISACA's Continuing Professional Education (CPE) program. This training is to ensure that CISAs stay up to date and proficient in their fields.

The goals of the CPE program include:

ISACA requires maintenance fees and a minimum of 20 CPE hours annually, plus an additional 120 contact hours during a fixed three-year period.

Benefits of a CISA certification

The CISA certification is recognized worldwide as the sign of an individual's excellence within information system auditing. Benefits of a CISA certification include:

CISA certification can also impact an individual's salary. Professionals with CISA certification often make between $52,459 and $122,326 per year. Internal audit directors are one of the highest paid positions with a CISA certificate. This position can make around $136,082 per year.

05 Oct 2021

All Rights Reserved, Copyright 2000 - 2024, TechTarget