Exam Profile: Certified Information Systems Auditor (CISA)

Date: Apr 13, 2011

Return to the article

The Certified Information Systems Auditor exam requires a vast understanding of 5 content areas, blending hand-on knowledge with strategic level awareness of management. The exam is quite challenging to most, but achieving it can open up career opportunities unlike any other certification. This article gives an overview of the exam, covers “pain points,” and offers practical tips on preparation you can use today to pass this difficult exam.

The CISA certification was established in 1978 by the Information Systems Audit and Control Association (ISACA), an association of IS professionals worldwide. Today, there are now over 70,000 candidates worldwide who have successfully passed this rigorous exam. As of 2011, the exam is available in 1two languages.

The CISA is a highly regarded and model certification. Recognition of the CISA is fairly consistent through all regions worldwide, unlike certifications such as CompTIA’s Security+ or those from the SANS Institute, which are US-heavy. In the United States, the CISA is distinguished by the US Department of Defense as one of their few formally-recognized certifications. This respect comes at a price—it’s a certification with a very challenging exam and requires verified work experience.

The exam is open to anyone interested in systems auditing, controls and information security. Obtaining the CISA certification requires passing the exam, plus work experience. It is offered twice a year, administered worldwide on the same day. For the 2011 exams, you may select among 101 countries. In the US alone, it’s available in 77 cities across 22 states.

Additional information about the exam and the certification is in the “CISA Bulletin of Information,” available on the ISACA website.

Exam Details

Earning the CISA Certification

Passing the exam is one of two requirements for gaining the CISA designation. The second is meeting the required amount of work experience. The most straightforward way to complete the requirement is to have five years of systems auditing experience, but several variants of exceptions and substitutions exist, such as having an advanced degree in IT.

Note that many candidates choose to pass the exam before having the work experience. In fact, ISACA encourages candidates to study for and try the exam at any time, but ensures the certification will be awarded only after a candidate can meet the experience requirement. A candidate has five years after their exam to meet this requirement and apply for the certification.

There are other agreements for a candidate regarding ethics and continued education to obtain the CISA. But this article is about the exam, so consult the ISACA website for more details on gaining the certification.

Trouble Spots

Trouble Spots

The first trouble spot for exam candidates is the sheer scope of material. Without actually knowing the scope, someone may shrug off the exam as simply a non-technical, IT auditing exam. But after a few minutes reviewing the scope, that opinion may change to “overwhelmed” they read through the exam’s five content areas and grasps the depth of each area.

ISACA calls these five content areas “domains.” After a review of all domains, the structure and pattern takes shape. In time, a candidate can associate their own strengths and gaps against them. So, what may appear overwhelming at first will fast create a list of priority areas to study.

The domains covered in the CISA exam are as follows:

How these domains are divided among the questions changes per exam, but ISACA does publicize the proportion in advance.

Experience Pays Off

To possess an introductory level across a few of the five domains requires a few years of relevant experience. For example, a person with three years enterprise auditing experience and two years of systems maintenance will have enough know-how to be quite familiar with two of the five domains. Familiarity will raise confidence. Confidence in the material will increase motivation to study more unfamiliar areas. So experience definitely pays off in time and motivation during your study.

Covering Both Operational and Policy Levels

Another trouble spot is the combination of both low-level and high-level understanding of the domains required of the candidate. Be aware, a candidate having a few years of experience in a domain does not guarantee they know the entire domain. Each domain covers job duties and knowledge that spans multiple levels of a job. For example, let’s look at Domain 4, covering systems maintenance. On an operational level of systems maintenance, a candidate will be more familiar with questions about procedures and implementation. On a higher, more management level of systems maintenance, the candidate is more familiar with policies and standards. Domain 4 spans both levels and much more.

No person is expected to know all areas solely based on experience. This means you must study and should not rely on experience alone for any domain.

Preparation Hints

Preparation Hints

Candidates’ best approach to preparation is to break down their studying according to the five domains listed above.

On the ISACA website, under the CISA exam section, click on the link titled “Prepare for the Exam.” There will be a helpful guide called “The Candidate's Guide to the CISA Exam” available for free.

Task and Knowledge Statements

“The Candidate's Guide to the CISA Exam” lists the several task statements and knowledge statements per domain. Task statements specify a job objective, while knowledge statements declare some specific awareness about an area. Each domain has between five and 11 task statements, and there are between 10 and 21 knowledge statements.

An example of a task statement would be “Evaluate the adequacy of backup and restore provisions to determine the availability of information required to resume processing.” That’s the task statement #10 of Domain 4: Information Systems Operations, Maintenance and Support. An example of a knowledge statement would be “Knowledge of operations and end-user procedures for managing scheduled and non-scheduled processes.” That’s statement #3 of the same Domain 4.

Study with Structure

Armed with the task and knowledge statements, a candidate has a structured framework for studying. Depending on your preference, you may wish to check off the topics you feel already comfortable with, prioritizing the most unfamiliar areas to concentrate on. Or you may wish to briefly visit the most well-known areas, which may provide you more insight on the detail level expected across all areas. In any case, use the domain breakdown to your advantage, as a checklist and path to covering all that is required of you.

Recommended Pace for Taking the CISA Exam

A word about the time limit: four hours may seem like a lot, even for 200 questions. It’s not. Four hours is 240 minutes, or one minute, twelve seconds per question.

Now even the most studious candidate shouldn’t try to concentrate for four hours straight. Instead, a candidate should take a break or two to refresh and reenergize. If a candidate takes two short breaks of 5-10 minutes each, that now leaves 220-230 minutes for the exam. Also consider that in any exam, it’s wise to allot time at the end to briefly scan your answer sheet for obvious mistakes (skipped or doubled-answered questions. A safe allotment of time would be 10%, or 20 minutes in this case. That leaves 200 minutes for 200 questions. With a break or two and some buffer time at the end, this gives a plain question-per-minute pace. This pace is especially helpful as you work through the exam, since you can confidently check your pace against the spent time and your current question.

Recommended Study Resources

Recommended Study Resources

Job experience helps, but can only get you so far. Preparation requires studying.

On the ISACA website, there are a variety of resources, such as study guides and review courses (virtual) through their “eLearning Campus.” Depending on your location, you may also find an instructor-led course available in your area. It’s a personal preference, but all these are available at a price.

There is also a “CISA Exam Preparation Community” expected to be accessible through the ISACA website. At the time of writing, the community is not yet available, citing, ”Exam preparation communities will open later this year.”

Study guides are not restricted to ISACA. Proven guides are available by online book outlets such as Amazon, and independent education providers. It is possible to get freely-available, downloadable study guides and practice exams. However, be aware that these are often provided to help generate leads for retail exams.

Exam Objectives

Exam Objectives

The five domains are not covered equally in the CISA exam. Instead, the domains are covered according to ISACA’s analysis of IT auditors’ jobs. Their analysis has created the following proportion of domains to the IT auditor’s job. The domains, and their task and knowledge statements, are as follows:

Domain 1—The Process of Auditing Information Systems (14%)

Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.

Domain 1—Task Statements:

Domain 1—Knowledge Statements:

Domain 2—Governance and Management of IT (14%)

Provide assurance that the necessary leadership and organization structure and processes are in place to achieve objectives and to support the organization's strategy.

Domain 2—Task Statements:

Domain 2—Knowledge Statements:

Domain 3—Information Systems Acquisition, Development, and Implementation (19%)

Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives.

Domain 3—Task Statements:

Domain 3—Knowledge Statements:

Domain 4—Information Systems Operations, Maintenance and Support (23%)

Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives.

Domain 4—Task Statements:

Domain 4—Knowledge Statements:

Domain 5—Protection of Information Assets (30%)

Provide assurance that the organization’s security policies, standards, procedures, and controls ensure the confidentiality, integrity and availability of information assets.

Domain 5—Task Statements:

Domain 5—Knowledge Statements:

Where yo Go From Here

Where to Go From Here

If you can feasibly prepare for the exam before the exam date, you should immediately register for the exam. This obligation will help you to commit to a study and training regimen.

  1. Familiarize yourself with the five domains.
  2. Familiarize yourself with the Job Practice Areas, available on the ISACA website under the CISA exam section. The Job Practice is an analysis or breakdown of the five domains and how each domain “reflects the vital and evolving responsibilities of IT auditors.”
  3. As said earlier, the Job Practice Areas also shows the proportion of each domain to the exam. For example, Domain 5 (“Protection of Information Assets”) comprises 30% of the exam, while Domain 2 (“Governance and Management of IT”) covers only 14%.
  4. Finally, also in the Job Practice Areas section or the Candidate’s Guide, use the full list of statements as a structured checklist. Allocate your time accordingly.
  5. Once you feel relatively confident, you may opt to take a practice exam to discover any possible gaps left to refresh before taking the real exam.
  6. Remember during the exam to pace yourself accordingly, relying on the question/minute rate.

Good luck!

800 East 96th Street, Indianapolis, Indiana 46240

sale-70-410-exam    | Exam-200-125-pdf    | we-sale-70-410-exam    | hot-sale-70-410-exam    | Latest-exam-700-603-Dumps    | Dumps-98-363-exams-date    | Certs-200-125-date    | Dumps-300-075-exams-date    | hot-sale-book-C8010-726-book    | Hot-Sale-200-310-Exam    | Exam-Description-200-310-dumps?    | hot-sale-book-200-125-book    | Latest-Updated-300-209-Exam    | Dumps-210-260-exams-date    | Download-200-125-Exam-PDF    | Exam-Description-300-101-dumps    | Certs-300-101-date    | Hot-Sale-300-075-Exam    | Latest-exam-200-125-Dumps    | Exam-Description-200-125-dumps    | Latest-Updated-300-075-Exam    | hot-sale-book-210-260-book    | Dumps-200-901-exams-date    | Certs-200-901-date    | Latest-exam-1Z0-062-Dumps    | Hot-Sale-1Z0-062-Exam    | Certs-CSSLP-date    | 100%-Pass-70-383-Exams    | Latest-JN0-360-real-exam-questions    | 100%-Pass-4A0-100-Real-Exam-Questions    | Dumps-300-135-exams-date    | Passed-200-105-Tech-Exams    | Latest-Updated-200-310-Exam    | Download-300-070-Exam-PDF    | Hot-Sale-JN0-360-Exam    | 100%-Pass-JN0-360-Exams    | 100%-Pass-JN0-360-Real-Exam-Questions    | Dumps-JN0-360-exams-date    | Exam-Description-1Z0-876-dumps    | Latest-exam-1Z0-876-Dumps    | Dumps-HPE0-Y53-exams-date    | 2017-Latest-HPE0-Y53-Exam    | 100%-Pass-HPE0-Y53-Real-Exam-Questions    | Pass-4A0-100-Exam    | Latest-4A0-100-Questions    | Dumps-98-365-exams-date    | 2017-Latest-98-365-Exam    | 100%-Pass-VCS-254-Exams    | 2017-Latest-VCS-273-Exam    | Dumps-200-355-exams-date    | 2017-Latest-300-320-Exam    | Pass-300-101-Exam    | 100%-Pass-300-115-Exams    |
http://www.portvapes.co.uk/    | http://www.portvapes.co.uk/    |