Can you effectively learn a business's processes inside and out, so that you can help it run more efficiently with its information systems? Determine how to most effectively use resources, including best IT practices and best practices overall.
Many businesses depend heavily on information systems these days, so they want independent experts to confirm that those systems are running efficiently and effectively, and that sensitive data is kept private. You, as a certified information systems auditor, will come in as an independent auditor and will test a company system to make sure it's as efficient as possible.
The CSIA Certification
In to the qualified as a certified information systems auditor, you have to have the certification; in other words, you must take the exam required by the industry in order to receive certification. In 1969, the Information Systems Audit and Control Association was founded. Subsequently, the Certified Information Systems Auditor examination and certification was begun in 1978 so as to address growing industry requirements. Today, more than 30,000 people have the Certified Information Systems Auditor qualification.
How You Can Become a Certified Information Systems Auditor
Take and pass the examination
You must complete the CISA examination. It's conducted just once yearly, on the second Saturday in June. The examination itself has 200 questions, to be answered within four hours. You must get 75% correct on the examination. This puts you in the top 25% of those taking the tests, in general.
Possess a background in control or security, or in information systems auditing
At least five years of information systems auditing experience is required. In some cases, actual experience can be as little as three years, based upon your level of experience, schooling (including graduate degree work or teaching experience that's related). It should also be noted that you do not have to take the exam first; you can gain experience in information systems auditing and/or gain related experience and then pass the examination.
Be compliant with Information Systems Auditing Standards
The Information Systems Audit and Control Association has ISO audit standards you must adhere to. You must also pay a membership fees, local chapter fees, certification fees and examination fees. For more information about this, visit www.isaca.org.
Agree to keep abreast of the continuing education program necessary for professionals.
You'll need 120 hours every three years of additional industry education by giving lectures, attending lectures, or working for your local chapter of the Information Systems Audit and Control Association.
Agree to abide by the CISA professional ethics code
ISACA has a professional code of ethics that you must read, keep apprised of, and agree to abide by.
The Examination
Preparation
To prepare for the examination, you should review ISACA's CISA review manual. It contains the syllabus you'll need for the examination. It's not a textbook, but instead is a review of all of the topics covered in the examination itself.
If you don't have a complete background in information systems audits, good textbooks will help you complete the examinations. Two good books to try are Tannenbaum's Computer Networks and Ron Webercan's Information Systems Control. In addition, the association has many articles and white papers available on the subject on the website (www.isaca.org).
In addition, if you wish, you can join a local chapter's study circle, which meets for several weeks before the examination and goes through all of the material. Experts in CISA run these study circles; in many cases, smaller study groups are formed from the larger study circle, so that those taking the examination have a much smaller group to work with. This fosters learning so that passing the examination is easier; in addition, the study group members can complement each other's strengths.
In most cases, study circles are begun in November and continued to the end of April. Because the examination always occurs on the second Saturday in June, study circles, too, run commensurately. (You must also decide to take the exam by the fourth of February if you want to get a discount for signing up early.)
Sections in the Examination
The examination covers:
- The IS audit process, including auditing standards and guidelines, methodology, and code of ethics. It also covers audit techniques assisted by computer and self-assessment of controls.
- Risk management and business process evaluation.
- Business application maintenance, implementation, acquisition, and system development.
- Business continuity and disaster recovery.
- Information assets' protection.
- Operational practices and technical infrastructure.
- Information systems organization, planning and management.
Those just beginning as certified information systems auditors can expect to make about $50,000 year, while those who have 20 years or more can expect to make about $88,000.
In conclusion
If you have a background in information systems auditing or related field, becoming a certified information systems auditor can be a very lucrative and rewarding career. This is an ongoing need for businesses, and that means job security. Getting your certification will mean several months of study up front to take the examination along with continuing education and membership costs, but for the right person, these are well worth the effort and cost, for a very rewarding career.
