Why CISA is Inevitable for Today’s Audit Professionals

March 2, 2017 | Views: 4563


What is CISA?

The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and Control Association (ISACA).

Certified Information Systems Auditor (CISA) is a globally recognized certification in the field of audit, control, and security of information systems. Having gained worldwide acceptance through uniform certification criteria, the certification has a high degree of visibility and recognition in the fields of IT security, IT audit, IT risk management and governance. Vacancies in the areas of IT security management, IT audit or IT risk management often ask for a CISA certification. Unfortunately, like Chartered Accountancy, this exam also tends to be associated with a high failure rate.

Why CISA?

It is globally recognized as the mark of excellence for the IS audit professional.

It gives you a competitive advantage over peers when seeking job growth.

It demonstrates that you have gained and maintained the level of knowledge required to meet the dynamic challenges of a modern enterprise.

Due to the limited availability of experts in this field, being CISA-qualified can offer you a higher pay scale.

Requirements for CISA qualified Experts:

I personally feel that the CISA qualification will be a must down the line, maybe in 2 to 3 years, for the Internal Audit profile. The reason is simple: most organizations will be system-driven, with all processing and controls integrated through computers. There will be minimal manual intervention. In such a scenario, our traditional audit approach will not work. In a system-driven scenario, auditors need to know about system integration, system processing, data security, encryption techniques, network security, system availability, BCP and backup processing. A CISA holder will have an edge over traditional auditors.

Exam Pattern:

The exam is known to be difficult since it is four hours long, consists of 150 multiple choice questions and uses the format of one correct answer per question. The scoring is weighted depending on a predetermined value for each question, with a passing score of 450 points out of an 800 point scale. Some questions are purely for statistical purposes and do not affect the candidate’s score. Further details can be obtained from http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/How-to-Become-Certified/Pages/default.aspx

Study Pattern:

To be honest, it’s not an easy task. But if you follow the pattern below for preparation, I am sure your certification is not far away.

Resource Requirement:

The only investment that I recommend is buying the “CISA Review Questions, Answers & Explanations Database” from the ISACA website (isaca.org). The cost will be approximately 12000/- INR. But it is worth the investment if you aspire to clear CISA on your first attempt.

The database is an online version with the following features:

The CISA Review Questions, Answers & Explanations Database is a comprehensive 1,200-question pool of items. The database is available via the web, allowing our CISA Candidates to log in at home, at work or anywhere they have Internet connectivity.

Exam candidates can take sample exams with randomly selected questions and view the results by job practice domain, allowing for concentrated study in particular areas. Additionally, questions generated during a study session are sorted based on previous scoring history, allowing CISA candidates to identify their strengths and weaknesses and focus their study efforts accordingly.

Other features provide the ability to select sample exams by specific job practice domain, view questions that were previously answered incorrectly and vary the length of study sessions, giving candidates the ability to customize their study approach to fit their needs.

If you do not want to spend this much, I do have a solution. Please visit www.datainfosec.com for a free CISA mock test and CISA question banks.

CISA Question Banks: (originally posted on Quora)

http://www.datainfosec.blogspot.in/2016/03/cisa-question-bank-1.html

http://www.datainfosec.blogspot.in/2016/03/cisa-question-bank-2.html

http://www.datainfosec.blogspot.in/2016/03/below-are-some-of-questions-collated.html

http://www.datainfosec.blogspot.in/2016/03/cisa-question-bank-4.html

http://www.datainfosec.blogspot.in/2016/03/cisa-question-bank-5.html

http://www.datainfosec.blogspot.in/2016/03/cisa-question-bank-6.html

Now, treat this database as a bible for studying CISA. Please rigorously follow the pattern below:

(i) It’s ideal to start preparation at least 4 months before the date of examination.

(ii) Now, this is very, very important. Please attempt 40 questions daily. Total time required is less than half an hour per day. No excuses even on weekends/holidays. I am not recommending any more study. 40 questions daily is the only requirement that will help us to get certification. Please note that this question database resembles the actual questions asked in the CISA examination. Though questions may be framed differently, the testing concept remains the same. How do I know? I attempted the CISA examination twice.

(iii) If you follow the 40-40 rule, within a month, you will be able to attempt more than 1000 questions. Please note when you attempt a question, pay more attention to the explanation part, i.e., why a particular answer is correct and why the other three are not. Also, note that for many questions, the testing concepts will be repetitive in nature. So, logically, it stands that the more questions you attempt, the more confidence you’ll have. Simple.

(iv) Also, please read the CRM (CISA Review Manual) twice before the exam. Of course, that’s just a suggestion, but I think it will help solidify the concepts in your mind.

(v) In case you want to supplement your study, I recommend the free video tutorials below for the CISA exam:

Domain 1

Steps of Risk Assessment

Domain 2

Outsourcing Functions

Domain 3

Online Auditing Techniques

Domain 4

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

Domain 5

Digital Signature

3 Comments
  1. Thank you, interesting and quite thorough ! 🙂

  2. I think I’ll go for this.
