ISACA
ISACA was formed in 1969 to meet the unique, diverse and high technology needs of the burgeoning information technology field. In an industry in which progress is measured in nano-seconds, ISACA has moved with agility and speed to bridge the needs of the international business community and the information technology controls profession.
Overview of the CISA Program and Examination


The CISA designation is recognized as the preferred certification for professional information systems audit, control and security professionals!
History of the CISA Exam
The Certified Information Systems Auditor (CISA) Program was established in 1978 to:
· Develop and maintain a testing instrument that could be used to evaluate an individual’s competency in conducting information systems audits
· Provide a mechanism for motivating information systems auditors to maintain their competencies and monitoring the success of the maintenance programs
· Aid top management in developing a sound information systems audit function by providing criteria for personnel selection and development
Over 23,000 qualified information systems audit, control and security professionals have earned the CISA designation worldwide!
Why Become A CISA?
To demonstrate your willingness to improve your technical knowledge and skills.
To demonstrate to management your commitment toward organizational excellence.
To obtain credentials that employers seek.
To enhance your professional image.
To be included with other professionals who have gained worldwide recognition.
Summary of Job Content Areas
Process Area
The IS Audit Process (10%)
Content Areas
Management, Planning, and Organization of IS (11%)
Technical Infrastructure and Operational Practices (13%)
Protection of Information Assets (25%)
Disaster Recovery and Business Continuity (10%)
Business Application System Development, Acquisition, Implementation, and Maintenance (16%)
Business Process Evaluation and Risk Management (15%)
How to Study for the CISA Examination
A proper study plan consists of many steps.
Self-appraisal
Determination of the type of study program
Having an adequate amount of time to prepare
Maintaining momentum
Readiness review
Quality of the Examination
Job Analysis Study: determines appropriate content of the examination
Test Development Standards: provide standards for development and review of questions
Review Process: two reviews of the questions by independent committees before acceptance into pool
Periodic Pool Cleaning: continuous review of questions in the pool to ensure that questions are up-to-date
Statistical Analysis of Questions: statistics reviewed for a given exam and over multiple administrations to ensure quality questions and grading
Types of Questions on the Exam
All questions are multiple choice and are designed for one best answer.
Questions require the candidate to choose the appropriate answer.
Every CISA question has a stem (question) and four options (answer choices).
Administration of the Examination
Administered on Saturday, 9 June 2001
200 Multiple Choice Questions
Chinese, Dutch, English, French, German, Hebrew, Italian, Japanese, Korean, and Spanish languages
4 hours
Approximately 180 Test Sites in 71 Countries
The administration of the examination is offered in every city where there is an Information Systems Audit and Control Association Chapter or a large interest in sitting for the exam
Passing Mark of 75 (scaled score)
CISA Examination Costs:
Examination Fee
Through 16 February 2001
ISACA members (US) $295.00
Non-members (US) $395.00

After 16 February 2001 up to 6 April 2000
ISACA members (US) $345.00
Non-members (US) $445.00
Study Materials:
                                                                        ISACA Members   Non-Members
Candidate’s Guide to the CISA Exam                                      free to each paid registrant
CISA Review Technical Information Manual                                (US) $100.00    (US) $115.00
CISA Review Questions, Answers & Explanations Manual                    (US) $90.00     (US) $150.00
CISA Review Questions, Answers & Explanations Manual Supplement (2001)  (US) $30.00     (US) $40.00
CD-ROM (all questions + articles)                                       (US) $135.00    (US) $160.00
Bulletin of Information and Registration Form
Sent to all interested individuals in August each year
Copies can be obtained from the CISA Exam Registrar
Contains:
Requirements for Certification
Examination Description
Registration Instructions
Test Date Procedures
Score Reporting
Test Center Locations
Registration Form
How to Study
Read the Candidate’s Guide thoroughly
Study the CISA Review Technical Information Manual
Work through the CISA Review Questions, Answers & Explanations Manual and Supplement
Participate in an ISACA Chapter Review Course
Read literature in areas where you need to strengthen skills
Spend time studying the complement of your field: If external auditor, study IS audit from the internal audit perspective and vice-versa
Join or organize study groups
Think of what does and does not lend itself well to multiple choice questions
Certification Requirements
Successful completion of the CISA examination
Minimum of 5 years of Information Systems Audit, Control or Security experience within 10 years of applying and within 5 years of passing exam
Substitutions
1 year substitute: 1 year of data processing or 1 year of auditing experience can be substituted for 1 year of Information Systems Audit, Control or Security experience. Each 2 years as a full time college or university professor or instructor in a related field (e.g. computer science, accounting, information systems auditing) can be substituted for 1 year of Information Systems Audit, Control or Security experience
1-2 year waiver: 60 completed semester credit hours or an Associate’s Degree, or 120 completed semester credit hours or a Bachelor’s Degree can be used to waive 1 or 2 years of IS experience, respectively
Compliance with the Information Systems Audit and Control Association Code of Professional Ethics
Application for Certification
Sent to all who pass the examination
Contains:
Requirements for Certification
Code of Professional Ethics
Instructions for Completion of Form
Verification of Work Experience for Applicant Form
Application for Certification as an Information Systems Auditor
Information Systems Audit and Control Association
Code of Professional Ethics

CISAs shall:
Support the establishment of and compliance with appropriate standards, procedures, and controls for information systems.
Comply with Information Systems Auditing Standards as adopted by the Information Systems Audit and Control Association.
Serve in the interest of their employers, stockholders, clients and the general public in a diligent, loyal and honest manner and shall not knowingly be a party to any illegal or improper activities.
Maintain the confidentiality of information obtained in the course of their duties.  This information shall not be used for personal benefit nor released to inappropriate parties.
Perform their duties in an independent and objective manner, and avoid activities which threaten or may appear to threaten their independence.
Maintain competency in the interrelated fields of auditing and information systems through participation in professional development activities.
Use due care to obtain and document sufficient factual material on which to base conclusions and recommendations.
Inform the appropriate parties of the results of audit work performed.  Support the education of management, clients and the general public to enhance their understanding of auditing and information systems.
Maintain high standards of conduct and character in both professional and personal activities.
Maintenance of Certification

Objectives of the Continuing Education Program:
Ensure that all CISAs maintain an adequate level of current knowledge in the field of IS Audit, Control or Security.
Uphold the high quality of standards for the CISA Certification Program.
Provide a means to differentiate between qualified CISAs and those who have not met the requirements for continuation of their certification.
Aid top management in developing a sound IS Audit, Control, and Security function by providing criteria for personnel selection and development.
Meet the needs of management, audit committees, government regulators and other constituents.
Continuing Education Requirements
Certification is granted annually to those CISAs who:
annually report a minimum of 20 contact hours of continuing education in each year
annually pay the continuing education maintenance fee
comply with the Information Systems Audit and Control Association Code of Professional Ethics
report a minimum of 120 contact hours of continuing education for each fixed three-year period.  Both annual and three-year requirements begin 1 January of the following year after becoming certified.
No grace period.  If certification lapses, the exam must be retaken.
Assistance and Information
For more information on the CISA exam, contact:

Chapter CISA Coordinator
OR
Certification Department
at
Information Systems Audit and Control Association
3701 Algonquin Road, Suite 1010
Rolling Meadows, Illinois 60008 USA
Telephone: +1.847.253.1545
Fax: +1.847.253.1443
E-Mail: certification@isaca.org