A Step by Step Guide on How to Get CISA Certification

CISA

Overview of the Course

A Certified Information Systems Auditor (CISA) course is offered by the Information Systems Audit and Control Association (ISACA). CISA certification is for those individuals who audit, monitor, control, and review data and data security protocols in an enterprise. Having this certification assures employers that a professional is capable of designing and implementing control processes, managing vulnerabilities in the system, and ensuring compliance.

The role of an information auditor typically involves

  • Reviewing existing controls and identifying vulnerabilities
  • Planning the implementation of solutions
  • Testing and managing new solutions
  • Identify periodic variances of the controls from the expected performance.
  • Reporting for management purposes and legal compliance

The role of an auditor has stopped being the performance of menial tasks and has started assuming greater significance. With increased data breaches and security threats, organizations need someone who can design, execute, manage, and test protocols and key controls in line with the enterprise goals and objectives. As ISACA states, CISA allows professionals to assert their experience and ability in applying a risk-based approach to planning, executing, and reporting on audit engagements.

CISA professionals would be at the forefront of the cyber battlefield in implementing and instituting internal controls and ensuring they comply with the risk-mitigating goals of an enterprise.

Is This Certification Right for You?

CISA certification is useful for individuals who want to become an IT auditor. The jobs that require CISA-certified professionals require thorough knowledge and practical experience in designing and implementing information security, IT control, and information systems audit. The kind of jobs that you can get with this certification involves legal compliance and an understanding of IT infrastructure. This understanding is important because it helps in judging the information security protocols in place and then developing them.

From a regulatory compliance perspective, CISA-certified professionals might need to audit HIPAA, SOX, NIST special publication 800, GLBA, and FISMA for government agencies in the US. Experience in working with those standards can be very useful.

What are the Eligibility Criteria for CISA Certification?

There are no academic eligibility components for CISA certification. However, candidates must meet minimum experience qualifications to be eligible for the certification. Just writing the exam doesn’t make an individual automatically certified as an information systems auditor. Only after meeting the eligibility criteria will they receive the qualification.

So, the experience requirements are

  • A minimum of five years of work experience in information systems auditing, control, or security.
  • These five years of experience are as described in the CISA Job Practice Areas.
  • This required work experience must be obtained in the 10-year period preceding the date of the application.
  • Candidates have 5 years from the date of the exam to apply for the certification.
  • ISACA encourages individuals to gain work experience after the exam as well.
  • After complying with the experience requirements, individuals will be eligible for certification.
  • There are some substitutions available to reduce the number of years of work experience you need to put in.
  • Substitutions may be obtained for a maximum period of 3 years out of the required 5-year period.
  • The prerequisites for such substitutions are
    • A maximum of 1 year can be substituted if an individual has 1 year of experience working with information systems or a year of experience working on non-IT audit services and platforms.
    • 60 to 120 completed university semester credit hours may be substituted for 1 year of the experience requirement. These credit hours are the equivalent of a 2-year or a 4-year degree or a course. This qualification need not be limited by the 10-year preceding work experience condition. That means an individual could have gotten this qualification more than 10 years ago and still be eligible for the substitution
    • A master’s degree in information security or information technology can be substituted for 1 year out of the experience requirements.
    • No experience can match the 2 years’ worth of experience required in information systems audit.
    • Every two years of full-time university instructor in a related field such as accounting, computer science, information systems auditing can be used for one year of work experience.

What is the Certification Process?

The process of certification for the exam starts with getting the relevant experience. This experience should be provided by your employer on the company’s official letter. When you submit that letter, it will be vetted. After that, you have to apply for the exam. It happens in three testing windows throughout the year, with each testing window open for four months. The exams themselves will be conducted in June, September, and December every year.

CISA uses a scaled score system where your score is taken and converted to a common score. It is weighed between 200 and 800. A minimum score of 450 is required to pass the exam. The exam has 200 questions that are multiple-choice, conducted over 4 hours. While the test is offered in multiple languages, only English is allowed throughout the year. Other languages such as Mandarin, Simplified Chinese, Korean, and Japanese are available only in June. The exam is conducted on five different domains.

They are

  • Information Systems and Auditing Process, which accounts for 14% of your grade
  • Governance and Management of IT, which accounts for 14% of your grade.
  • Information Systems Acquisition, Development, and Implementation, which accounts for 19% of your grade
  • Information Systems Operations and Business Resilience, which accounts for 23% of your grade
  • Protection of Information Assets, which accounts for 30% of your grade

Cost of CISA Certification

Early registration costs $440 for members and $625 for non-members. Final registration costs $490 for members and $675 for non-members. Mailed or faxed registrations cost $75 for processing. CISA application has a $50 fee for giving you the certification. Exam changing costs $50 while delayed cancellation costs $100.

Where to Get Online Resources for Certification?

ISACA’s website provides you all the required resources to prepare for your exam. Other than that, websites like Udemy, Simplilearn, and others help in preparing for the exam as well.