Certified information systems auditor (c.i.s.a.)

Certified Information Systems Auditor (CISA) is a certification issued by ISACA for the people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected. The CISA certification is a globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting technology controls in an enterprise environment. It is designed for IT auditors, audit managers, consultants and security professionals.

Course Introduction

Module 01 - The Process of Auditing Information Systems

Module 02 - Governance and Management of IT

Module 03 - Information Systems Acquisition, Development and Implementation

Module 04 - Information Systems Operations, Maintenance and Support

The Certified Information Systems Auditor (CISA) course covers all six domains of the CISA exam offered by the Information Systems Audit and Control Association (ISACA). The CISA exam has become the industry standard for IT auditing, control and security. The course helps students gain relevant, up-to-date and concise knowledge, along with hands-on practice exams, to prepare for the CISA certification exam.

CISA is one of the most popular and high-demand IT certifications available in the market; approximately more than 60,000 professionals hold the CISA certification. The CISA certification is also consistently named one of the best professional certifications to have by leading analysts around the world. The course gives students the comprehensive knowledge and concepts required to pass the CISA certification exam.

Key Job Duties and Responsibilities

Many online job ads highlight the following key skills, responsibilities and work demands for the position of a Certified Information Systems Auditor (CISA):

  • Assess the design and operational effectiveness of Key Risk Indicators (KRIs) and IT General Controls (ITGCs).
  • Provide guidance on KRI/ITGC testing methodology, validation processes, procedures, adherence to policy and documentation.
  • Design, develop and publish materials to support adherence to the established KRI/ITGC validation processes.
  • Work closely with other teams (Risk, IT, Information Security, etc.) to report, track and follow up on remediation plans.
  • Assist in the development of reporting materials for the various committees.
  • Plan and perform application and general systems control audits, control process reviews and system development reviews.
  • Verify information technology systems and infrastructure are secure and support the related applications.
  • Participate in the development, planning and implementation of fraud investigations involving highly confidential information.
  • Create and deliver presentations to management, discuss audit findings and conclusions, and recommend corrective action to improve operations and reduce costs.
  • Perform follow-up audit techniques with management to ascertain implementation of recommendations and assess the adequacy of the corrective action.
  • Perform risk assessments to assist internal audit department management in formulating risk-based audit plans.
  • Participate in the annual review process for maintaining compliance with government standards.
  • The course requires candidates to have systems administration experience, familiarity with networking fundamentals such as TCP/IP, and an understanding of UNIX, Linux, and Windows operating systems.
  • This is an advanced-level course and requires students to have basic concepts and knowledge of IT security and a minimum of 3-5 years of practical experience.

In order to become CISA certified, applicants must pass the CISA examination with a score of 450 or higher (scored on a scale of 200 to 800) and possess a minimum of five years of professional experience in the fields of information systems auditing, control, assurance or security. The work experience must have been within the 10 years prior to a candidate's application submission or within five years of a passed CISA exam. Certain substitutions and waivers may be applied. The candidate must also adhere to ISACA's Code of Professional Ethics and Information Systems Auditing Standards. Once these criteria are met, the candidate can apply for certification.

The CISA exam is four hours long and consists of 150 multiple-choice questions set around five job practice domains:

  • The process of auditing information systems.
  • Governance and management of IT.
  • Information systems acquisition, development and implementation.
  • Protection of information assets.
  • Information systems operations, maintenance and service management.

The exam is administered in June, September and December in testing locations worldwide. Besides English, it is also offered in other languages, including Chinese Mandarin Simplified, French, Japanese, Korean and Spanish.

After achieving CISA certification, CISAs must maintain it by undergoing 20 hours of training per year and a minimum of 120 hours in a three-year period. This training is to ensure that CISAs stay up to date and proficient in their fields.

Attaining CISA certification is considered beneficial as it is accepted by employers worldwide and is often requested for IT audit and security management positions. Although ISACA no longer releases statistics on the number of applicants who pass the CISA exam, it is widely reported that approximately 50% of those taking the exam receive a passing grade.

What Jobs Are CISA Certified Professionals Qualified to Do?

The primary role of the information technology auditor is to ensure that there are no situations of unnecessary spending, fraud, or noncompliance with federal regulations and governmental laws for the organization they work for. Those employees in the CISA role are typically required to report to management and may or may not have subordinate employees as well.

While it is not an exhaustive list, CISA certificate holders may be hired for the positions listed below:

  • IT Audit Manager
  • Internal Auditor
  • Cybersecurity professional
  • IT Consulting
  • Privacy Officer
  • IT Risk and Assurance Manager
  • PCI Security Specialist

Who this course is for:

  • IT audit, control, assurance, and security professionals
  • IT consultants, auditors, and managers
  • Security policy writers
  • Privacy officers
  • Information security officers
  • Network and system administrators
  • Network security engineers