Certified Information System Auditor

From Wikipedia, the free encyclopedia

Certified Information Systems Auditor (CISA) is an audit professional certification sponsored by the Information Systems Audit and Control Association (ISACA). Candidates for the certification must meet requirements set by ISACA.

History

The CISA certification was established in 1978 [1] for several reasons:

1. Develop and maintain a tool that could be used to evaluate an individual's competency in conducting information system audits.

2. Provide a motivational tool for information systems auditors to maintain their skills, and monitor the success of the maintenance programs.

3. Provide criteria to aid management in the selection of personnel and development.

The first CISA examination was administered in 1981, and registration numbers have grown each year. The exam is now offered in 11 languages at more than 200 locations worldwide. In 2005, ISACA announced that the exam would be offered in both June and December, starting that year. Previously, the exam had been administered only once a year, in June. Over 50,000 candidates have earned the CISA designation.

The CISA certification has been recognised with ANSI accreditation, along with the CISM certification; both of these certifications are managed by ISACA. It is one of the few certifications formally approved by the US Department of Defense in their Information Assurance Technical category (DoD 8570.01-M).

Requirements

Candidates for a CISA certification must pass the examination, agree to adhere to ISACA's Code of Professional Ethics, submit evidence of a minimum of five years of professional IS auditing, control, or security work, and abide by a program of continuing professional education.

Substitutions and waivers of such experience may be obtained as follows:[2]

- A maximum of one year of information systems experience OR one year of financial or operational auditing experience can be substituted for one year of information systems auditing, control, or security experience.

- 60 to 120 completed college semester credit hours (the equivalent of an Associate or Bachelor degree) can be substituted for one or two years, respectively, of information systems auditing, control or security experience.

- Two years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for one year of information systems auditing, control or security experience.

Examination

The exam consists of 200 multiple-choice questions that must be answered within 4 hours. The exam is split between 6 Content Areas as of 2006:

  • IS Audit Process - 10% of Exam
  • IT Governance - 15% of Exam
  • Systems and Infrastructure Lifecycle Management - 16% of Exam
  • IT Service Delivery and Support - 14% of Exam
  • Protection of Information Assets - 31% of Exam
  • Business Continuity and Disaster Recovery - 14% of Exam

The CISA exam is offered annually during the months of June and December.


June 2008 Exam Dates:

13 February: Early Registration Deadline
9 April: Final Registration Deadline
14 June: Exam

References

  1. ^ http://www.isaca.org/Template.cfm?Section=CISA_Certification&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=16&ContentID=4526, CISA certification, retrieved 02 October 2007
  2. ^ http://www.isaca.org/Template.cfm?Section=CISA_Certification&CONTENTID=20450&TEMPLATE=/ContentManagement/ContentDisplay.cfm, CISA certification, retrieved 18 February 2008

