By: Hemang Doshi
March 2, 2017
Why CISA is Inevitable for Today's Audit Professionals
By: Hemang Doshi
March 2, 2017
What is CISA?
The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and Control Association (ISACA).
Certified Information Systems Auditor (CISA) is a globally recognized certification in the field of audit, control, and security of information systems. CISA gained worldwide acceptance having uniform certification criteria, the certification has a high degree of visibility and recognition in the fields of IT security, IT audit, IT risk management and governance. Vacancies in the areas of IT security management, IT audit or IT risk management often ask for a CISA certification. Unfortunately, like Chartered Accountancy, this exam also tends to be associated with a high failure rate.
It is globally recognized as the mark of excellence for the IS audit professional.
It gives you a competitive advantage over peers when seeking job growth.
It demonstrates that you have gained and maintained the level of knowledge required to meet the dynamic challenges of a modern enterprise.
Due to limited availability of experts in this field, being CISA qualified can offer you a higher pay scale.
Requirements for CISA qualified Experts:
I personally feel that CISA qualification will be must down the line may be 2 to 3 years for Internal Audit profile. The reason is simple, most of the organizations will be system driven where all the processing and controls will be integrated through computers. There will be minimum manual intervention. In such scenario, our traditional audit approach will not work. In a system driven scenario, auditors need to know about system integrations/system processings /data security/encryption techniques/ network security/system availability/BCP and backup processing. A CISA holder will have an edge over traditional auditors.
The exam is known to be difficult since it is four hours long, consists of 150 multiple choice questions and uses the format of one correct answer per question. The scoring is weighted depending on a predetermined value for each question with a passing score of 450 points out of an 800 point scale. Some questions are purely for statistical purposes and do not affect the candidate's score. Further, details can be obtained from http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/How-to-Become-Certified/Pages/default.aspx
To be honest, it’s not an easy task. But if you follow below pattern for preparation, I am sure your certification is not far away.
The only investment that I recommend is buying "CISA Review Questions, Answers & Explanations Database" from ISACA website (isaca.org). The cost will be approximately 12000/- INR. But it is worth the investment if you aspire to clear CISA on your first attempt.A database is an online version with features as follows:
The CISA Review Questions, Answers & Explanations Database is a comprehensive 1,200-question pool of items. The database is available via the web, allowing our CISA Candidates to log in at home, at work or anywhere they have Internet connectivity.
Exam candidates can take sample exams with randomly selected questions and view the results by job practice domain, allowing for concentrated study in particular areas. Additionally, questions generated during a study session are sorted based on previous scoring history, allowing CISA candidates to identify their strengths and weaknesses and focus their study efforts accordingly.
Other features provide the ability to select sample exams by specific job practice domain, view questions that were previously answered incorrectly and vary the length of study sessions, giving candidates the ability to customize their study approach to fit their needs.
If you do not want to spend this much also, I do have a solution. Please visit www.datainfosec.com for free CISA Mock-Test and CISA Question Banks.
CISA Question Banks: (originally posted on Quora)
Now, treat this database as a bible for studying CISA. Please rigorously follow the below pattern:
(i) It's ideal to start preparation at least 4 months before the date of examination.
(ii) Now, this is very very important. Please attempt 40 questions daily. Total time required is less than half an hour per day. No excuses even on weekends/holidays. I am not recommending any more study. 40 questions daily is the only requirement that will help us to get certification. Please note that this question database resembles the actual questions asked in CISA examination. Though questions may be framed differently, the testing concept remains the same. How do I know? I attempted the CISA examination twice.
(iii) If you follow the 40-40 rule, within a month, you will able to attempt more than 1000 questions. Please note when you attempt a question, pay more attention to the explanation part i.e why a particular answer is correct and why other three are not. Also, note that for many questions, the testing concepts will be repetitive in nature. So, logically, it stands that the more questions you attempt, the more confidence you'll have. Simple.
(iv) Also, please read CRM (CISA Review Manual) twice before the exam. Of course, that's just a suggestion, but I think it will help solidify the concepts in your mind.
(v) In case you want to supplement your study, I recommend the below free video tutorials for CISA exam:
Steps of Risk Assessment
Online Auditing Techniques
Recovery Time Objective (RTO) and Recovery Point Objective (RPO)