Certified Information System Auditor Certification (CISA) validates your knowledge for information system audits, guarantees, control, security, cybersecurity and governance. Offering by audit information systems and control associations (ISACA), credentials are designed for it and are auditors assigned to evaluate organizational information systems to identify potential security problems or threats. This global recognized certification is one of the few certifications specifically designed for IT auditors.
CISA Certification Requirements
To submit a CISA exam, you will need at least five years of encouraging information systems, control or security security in the last 10 years. You can accept neglect up to three years of experience if you have the following:
Maximum one year is an experience or one year of non-IS audit experience
Equivalent to a two or four-year degree, which can be replaced for one to two years of experience
Bachelor’s degree or a Masters degree from a university that teaches the Curriculum sponsored by ISACA, which can be replaced for one year of experience
The master’s degree in is or from an accredited university, which is equivalent to one year of experience
ISACA also offers exceptions for those who have spent two years as a full-time university instructor in the relevant field, which can be replaced for one year of experience.
Or, you can choose to take an exam before meeting the requirements, and after the requirements are fulfilled, you will be awarded the appointment of CISA. This is a practice driven by ISACA, but you must complete the prerequisites within five years after passing the exam.
The CISA exam is assessed on a 200 to 800 points. To graduate, you must get a score of 450 or higher. You will be given four hours to complete 150 multiple choice exam questions, which include five main work practices in is audit, control and security:
Domain 1: Information System Audit Process (21%)
Domain 2: Governance and Management (16%)
Domain 3: Acquisition of Information Systems, Development and Implementation (18%)
Domain 4: information system operation, maintenance and service management (20%)
Domain 5: Information Asset Protection (25%)
Five CISA Domains
Domain 1 covers the basics of IT audits, which includes executing high-risk IT-based IT audits and ensures that the strategy is in accordance with audit standards. It also includes ways to plan audits, conduct audits, communicate the results of the audit and follow up to see if anything needs to be adjusted.
Domain 2 includes all auditor evaluation measures that need to be taken to ensure that “leadership and structures and organizational processes needed are achieving goals and to support organizational strategies and objectives,” According to ISACA. Tasks include evaluating IT strategies, governance, organizational structure, resource management, portfolio management, risk management, control monitoring, KPI reporting and organizational business continuity plans.
Domain 3 involves all steps for acquisition, development, testing and implementing IT systems to meet organizational goals. This includes evaluating the proposed IT investment, contract management process, IT supplier selection and project management framework. This domain also includes intermediaries to ensure the project will be sent on time, evaluating the readiness of the IT system for implementation and conducting post-implementation reviews.
Domain 4 includes everything you need to ensure that the process for IT operations, maintenance and service management aligns with the company’s business objectives. This involves evaluating IT management frameworks and practices and ensures that organizations follow the best practices specified. This also includes evaluating how operation, maintenance, data quality, data base management practices are parallel to business strategies and objectives.
Domain 5 focuses on everything related to keeping business information assets safe and secrets. These include evaluating IT security and privacy policies, standards and procedures in the organization and ensuring the design, implementation, maintenance and monitoring and reporting of effective and adequate security control.
ISACA offers several options to prepare for the CISA online certification exam. You can choose from visual instructor-led training, online or on-demand review courses, manual print reviews or downloads, review questions and access to the answer data base and explanation with a 12-month ISACA membership subscription.
You can also choose to attend a four-day direct course organized by ISACA in different locations throughout the company. Or, if your organization wants to ratify a group of employees at once, IT leaders can bring training directly to the company.