CISA is possibly the one 'pure' Information systems audit qualification that is recognised anywhere.
It has lovely exam questions - and I should know, as I wrote some of them.
There are other IT audit certifications - from the IIA's aborted QiCA to supporting CPA type accounting quals and tech quals such as CCNA - but none with the universal recognition CISA holds.
If you can't do this after a few years' experience, you probably shouldn't be an IT auditor.
Holding it doesn't prove your competence in any particular area - but it does verify that you understand what you are doing and have the skills and experience to undertake at least simpler audit assignments.
You can get a year or two off the experience requirement from relevant degrees and qualifications, or other relevant experience.
The exam is wide in its scope, but for anyone with a good all-round understanding of enterprise IT and a comprehension of business risk it should not be too hard.
There is a book to support it and also a CD question bank for practice - both are worth having.
The book is mind-numbingly dull and best used as a tool to identify any areas within the syllabus where you may need further study.
The CD is a far-too-accurate practice questions tool, and many candidates have noticed a strong similarity between some of the CD questions and exam questions on the day.
Still, if a few questions are similar it's nowhere near enough to pass, so use the practice questions to identify areas of weakness.
Address these areas with the book or other resources, then re-test yourself.
You don't have to attend a course, but a number of organisations run CISA preparation classes commercially, which are recommended.
If you have IT audit experience, good IT knowledge and a strong background in business, you may be able to get away with as little as a few hours' preparation.
If there are gaps in your knowledge, you have a technical background that has focused on specific areas of the syllabus, or your IT knowledge is weak, you will need more time.
You may want to take relevant courses, read up in weak areas, and spend a few months preparing for the exam.
If you're doing well in every area on the CD, you should do well in the exam.
You need 20 hours of verifiable CPD a year, and a total of 120 hours over 3 years.
If you don't have the time to go on a week-long course each year, ISACA branches run regular seminars, and you can also gain CPD from completing a quiz in their journal or from taking part in branch activities.
The bottom line is that CISA makes you a safer hire, and therefore more likely to get the job you're looking for at an acceptable salary.
This Cyber News was published on securityboulevard.com. Publication date: Sun, 11 Feb 2024 15:13:04 +0000