Certified Information Systems Auditor (CISA): a certification to boost your Chartered Accountancy (CA) career

If you are thinking to build a career in IS audit but are unclear
exactly about the nature of job, we will tell you what it is all
about. And if you have already made up your mind to become a CISA, we
are going to discuss how to get certified.

Information Systems and IS audit--

A look into the current scenario makes it evident that business and
technology are inseparable. Increasingly, organizations are using
Information Systems (IS) for better functioning and controlling
business risks. IS and IT together have made it possible for an
enterprise to carry out tasks which are difficult for humans. Now it
is easy to multitask, handle large amount of information and carry out
complex calculations. But businesses can only avail computerized
environment when their information systems can be controlled and are
dependable. While IT is vital to growth of an enterprise, it also
brings along technology risks. There are lots of complex issues and
vulnerabilities involved with computer networks which need to be
addressed. This necessity has led organizations to concentrate on
Information Systems (IS) audit.

IS audit is a subset of normal auditing procedure. It is a systematic
and independent evaluation of internal control design of information
systems. IS audit ensures effectiveness of information systems in the
maintenance of data accuracy and consistency, protection of the firm's
assets, and attainment of organization goals. This is achieved by
considering controls, verifying software applications, preventing any
breach in security, and preparing for all potential risks.
About CISA

CISA is a globally accredited certification awarded by Information
Systems Audit and Control Association (ISACA), a nonprofit
organization serving enterprises which use information systems (IS). A
CISA designation demonstrates a professional's competence in IS audit,
control, assurance and security. The certification is widely
recognized in the fields of IT risk management, IT security management
and IT governance.
How beneficial is the certification?

Student perspective:--
There is a huge demand of CISAs in varied industries but employment in
financial services has witnessed a steep rise. A candidate can head
towards personal as well as professional development by becoming a
CISA. One can get an exposure to all business and information
technology (IT) process areas. There are audit as well as non-audit
roles available for CISAs. Apart from IT auditor, you can take up
roles viz. IT risk management, IT compliance and IT control analysts.
With an experience, you could also get the positions of IS Manager, IS
Audit Manager and Internal Audit Director.

CISA certification, along with a background in finance, presents a
long list of opportunities which you should grab immediately. As a CA,
your understanding of principles and practice of auditing would be
good. This knowledge along with appropriate work experience can pave a
path to a rewarding IS auditing career.

Enterprise perspective:--
The business operations have been heavily dependent on information
systems lately. Organizations are required to implement and prove the
existence of strong internal controls to safeguard data against any
loss or unauthorized modification when exposed to computerized
environment. To achieve these objectives, companies must include
knowledgeable and ISACA certified IS auditors in their team. A
candidate who is a CISA will undoubtedly be an asset to an enterprise.
Certification process

A passing score in CISA exam and a minimum of 5 years of work
experience in IS audit, control, assurance or security are
prerequisites for the certification.
The 4-hour CISA exam comprises of 200 multiple-choice questions and is
paper-based. These questions cover five job practice domains as shown
in the given chart. The examination is held in the month of June,
September and December for all candidates, and can be taken at any one
of the 17 test centers in India.


The exam can be taken by students even if they don't possess required
experience at that instant. However, to get the certification it is
compulsory to gain the required experience within 5 years of passing
the exam. ISACA allows waivers and substitutions of experience which
are applicable to a maximum of 3 years. With a bachelor's degree one
can get a waiver of 1 year while a master's degree will provide 2-year
waiver of experience. We believe that CAs can easily get a waiver of 2
years of experience, the requirement being 120 hours university
semester credit hours. However, it is recommended that you get
clarification from ISACA regarding experience substitution. Also, an
auditing experience of 1 year in non- IS can be substituted for 1 year
of experience. Therefore getting through CISA exam and gaining the
remaining 2 years of experience in IS auditing are the only
requirements for a CA to apply for CISA certification.
Retaining your certification

After becoming a CISA you need to maintain it as well. This means that
you need to follow certain guidelines of ISACA to retain the
certification.

These include:

Strictly following Code of Professional Ethics
Keeping up-to-date knowledge through Continuing Professional
Education (CPE) program
Adhering to the Information Systems Auditing Standards

The CPE program requires maintenance fees and attainment of 20 contact
hours annually. In addition to this, attainment and reporting of 120
CPE hours are compulsory for a period of 3 years. Also, you have to
keep abreast of new technology and techniques.

For more go here-- www.isaca.org