What is CISA?
The CISA program is designed to assess and certify individuals in the IS
audit, control and security profession who demonstrate exceptional skill and
judgment. To earn the CISA designation, candidates are required to successfully
complete the CISA Examination; adhere to the Information Systems Audit and
Control Association’s Code of Professional Ethics (which is included in
the Candidate’s Guide to the CISA Examination and provided to each
registered exam candidate); and submit evidence of a minimum of five (5) years
of professional IS auditing, control or security work experience.
Substitution and waivers of such experience may be obtained; full details are
published in the Bulletin of Information, which can be viewed online at
www.isaca.org. All experience will be verified independently with employers.
It is important to note that many individuals choose to take the CISA Exam
prior to meeting the experience requirements. This practice is acceptable and
encouraged, although the CISA designation will not be awarded until all
requirements are met.
What is the CISA examination?
The Information Systems Audit and Control Association introduced the Certified
Information Systems Auditor examination in 1981. It is designed to assess the
competence of an Information Systems Auditor in conducting Information Systems
Audits.
How accurate is CISA as a test of competence?
The procedures used in preparing and monitoring the examination involve a
number of quality checks to ensure accuracy and validity. Some of them are
listed below.
The certification programme conducts regular job analysis studies of a
statistically representative sample of Information Systems auditors. The study
determines the nature of the job content areas and the percentage weighting
attached to each area in the examination.
Examination questions are submitted by practising computer auditors and are
then subjected to a three level independent quality check before they are added
to the question pool.
The question pool is periodically reviewed to ensure that all questions are
current and reflect the latest job analysis studies. If a question is no longer
valid it is removed from the pool. All questions are periodically reviewed by an
independent group of practising IS auditors in order to verify that they are
fair and to provide an assurance that suitably experienced candidates will be
able to answer the questions correctly.
How widely recognised is the qualification?
The CISA examination is conducted annually at over 140 locations in 45
countries and there are over 14,000 CISAs world-wide. The examination is
available in English, Dutch, German, Korean, Hebrew, Italian, French, Japanese,
Spanish, Traditional Mandarin Chinese and Simplified Mandarin Chinese. The
examination is administered annually to over 180 candidates in the
London area alone. Job advertisements for IS auditors in the UK increasingly
require candidates to possess a CISA.
Is CISA the right qualification for me?
If you are an experienced computer auditor or computer security professional -
yes! CISA is a test of competence; it does not attempt to teach the theory and
practice of computer auditing or computer security.
What is the nature of the examination?
The examination consists of 200 multiple choice questions taken over a four
hour period. The questions cover 7 domains. The proportion of questions
associated with each domain will vary as a percentage according to the overall
significance of the domain within the examination. The domains are:
Process-based Area
The IS Audit Process — Conduct IS audits in accordance with generally
accepted IS audit standards and guidelines to ensure that the organization’s
information technology and business systems are adequately controlled, monitored
and assessed.
Content Areas
Management, Planning and Organization of IS
Evaluate the strategy, policies, standards, procedures and related practices
for the management, planning and organization of IS.
Technical Infrastructure and Operational Practices
Evaluate the effectiveness and efficiency of the organization’s
implementation and ongoing management of technical and operational
infrastructure to ensure that they adequately support the organization’s
business objectives.
Protection of Information Assets
Evaluate the logical, environmental and IT infrastructure security to ensure
that it satisfies the organization’s business requirements for safeguarding
information assets against unauthorized use, disclosure, modification, damage or
loss.
Disaster Recovery and Business Continuity
Evaluate the process for developing and maintaining documented, communicated and
tested plans for continuity of business operations and IS processing in the
event of a disruption.
Business Application System Development, Acquisition, Implementation and
Maintenance
Evaluate the methodology and processes by which the business application
system development, acquisition, implementation and maintenance are undertaken
to ensure that they meet the organization’s business objectives.
Business Process Evaluation and Risk Management
Evaluate business systems and processes to ensure that risks are managed in
accordance with the organization’s business objectives.
Raw scores are converted by an algebraic formula to a weighted score ranging
from a low of 25 to a high of 99. You will need to achieve a weighted score of 75 or
better to pass.
When will the examination be held?
The examination is held once a year, usually on the second Saturday in June.
Examinations in the UK will be held at sites in London, Birmingham,
Manchester and Edinburgh. The precise location may vary from year to year as the
Association 'shops around' to find the most suitable location for the numbers
involved. We always endeavour to ensure that the London site is easily
accessible by public transport and that there are car parking facilities within
easy reach.
How do I prepare for the examination?
The examination aims to assess your level of proficiency in performing
computer audit or computer security related work. It presupposes that you
already have knowledge of the subject material by virtue of your experience.
There are no structured study modules, although ISACA annually produces the 'CISA
Review Manual', which briefly covers all the domains and provides practice
questions. Learning the contents of the manual will not, in itself, provide
sufficient knowledge to pass the examination.
The International office also publishes a 'Candidate's Guide to the CISA
Examination', which includes a recommended reading list.
The London chapter of ISACA annually runs a CISA Review course/workshop. The
aim of this course is to help candidates prepare by ensuring that they are
familiar with the nature and structure of the examination and have sufficient
practice in answering examination style questions.
How do I apply for the examination?
You can download a copy of the most recent 'Bulletin of Information and
Examination Registration Form' from the main ISACA site, www.isaca.org.
Alternatively, you can request the bulletin from the London Chapter of ISACA
by completing the attached form, or contact:
Christine Lyon, Chapter Administrator
+44 (0)1707 665014
E-mail: admin@isaca-london.org
Completed registration forms, together with the appropriate fee, must be sent
to the US Head Office for receipt NO LATER THAN 1st APRIL FOR THE YEAR IN
WHICH YOU WISH TO TAKE THE EXAMINATION (please do NOT return them to the
London Chapter). Early booking discounts are available.