ISACA

1
ISACA
The recognized global leaders in IT
governance, control and assurance
2
2008 CISA? Review Course INTRODUCTION
3
ISACA Facts

• Founded in 1969 as the EDP Auditors Association
• Since 1978, CISA has been a globally accepted
  standard of competency among IS audit, control,
  assurance and security professionals.
• More than 65,000 members in over 140 countries
• More than 175 chapters in over 70 countries
  worldwide

4
ANSI Accreditation

• The American National Standards Institute (ANSI)
  has awarded accreditation under ISO/IEC 17024 to
  the Certified Information Systems Auditor (CISA)
  and Certified Information Security Manager (CISM)
  certification programs. ANSI reaccredited these
  ISACA programs in 2007.
• Accreditation by ANSI signifies that ISACAs
  procedures meet ANSIs essential requirements for
  openness, balance, consensus and due process.

5
CISA Certification Current Facts

• More than 55,000 CISAs worldwide
• The CISA exam is offered in 11 languages and at
  over 240 locations
• A 2007 survey of ISACA members revealed that 89
  percent of CISAs value their certification, and
  72 percent of CISAs believe that the CISA
  certification has helped advance their career.

6
Why Become a CISA?

• Enhanced Knowledge and Skills
• To demonstrate your willingness to improve your
  technical knowledge and skills
• To demonstrate to management your proficiency
  toward organizational excellence
• Career Advancement
• To obtain credentials that employers seek
• To enhance your professional image
• Worldwide Recognition
• To be included with other professionals who have
  gained worldwide recognition

7
CISA in the Workplace

• Nearly 1,300 are now employed in organizations as
  the CEO, CFO or equivalent executive position
• More than 2,300 serve as chief audit executives
  (CAEs), audit partners or audit heads
• More than 3,600 serve as CIOs, CISOs, security
  directors, security managers or consultants
• More than 5,600 serve as audit directors,
  security staff, managers or consultants
• Over 12,000 are employed in managerial or
  consulting positions in IT operations or
  compliance
• More than 13,000 auditors (IS/IT and non-IS/IT)

8
CISA Job Practice Areas

• IS Audit Process 10
• Provide IS audit services in accordance with IS
  audit standards, guidelines, and best practices
  to assist the organization in ensuring that its
  information technology and business systems are
  protected and controlled.
• IT Governance 15
• Provide assurance that the organization has the
  structure, policies, accountability, mechanisms,
  and monitoring practices in place to achieve the
  requirements of corporate governance of IT.
• Systems and Infrastructure Lifecycle Management
  16
• Provide assurance that the management practices
  for the development/acquisition, testing,
  implementation, maintenance, and disposal of
  systems and infrastructure will meet the
  organizations objectives.

9
CISA Job Practice Areas

• IT Service Delivery and Support 14
• Provide assurance that the IT service management
  practices will ensure the delivery of the level
  of services required to meet the organizations
  objectives.
• Protection of Information Assets 31
• Provide assurance that the security architecture
  (policies, standards, procedures, and controls)
  ensures the confidentiality, integrity, and
  availability of information assets.
• Business Continuity and Disaster Recovery 14
• Provide assurance that in the event of a
  disruption the business continuity and disaster
  recovery processes will ensure the timely
  resumption of IT services while minimizing the
  business impact.

10
CISA Certification Requirements

• Earn a passing score on the CISA Exam
• Have a minimum of five years of verifiable IS
  audit, control or security experience
  (substitutions available)
• Submit the CISA application and receive approval
• Adhere to the ISACA Code of Professional Ethics
• Abide by IS Auditing Standards as adopted by
  ISACA
• Comply with continuing professional education
  policy

11
Administration of the CISA Exam

• 2008 Exam Dates
• Saturday 14 June 2008
• Saturday 13 December 2008
• More than 240 test sites offered for each exam
  administration
• Offered in every city where there is an ISACA
  chapter or a large interest in individuals
  sitting for the exam
• Passing mark of 450 on a common scale of 200 to
  800

12
2008 Registration Fees Exam 13 December 2008

• Early Registration - On or before 20 August 2008
• ISACA Member US 375.00
• Non-Member US 505.00
• Final Registration - After 20 August, but on or
  before 24 September 2008
• ISACA Member US 425.00
• Non-Member US 555.00
• Register Online at www.isaca.org/examreg
• Online registration via the ISACA web site is
  encouraged, as candidates will save US 50.
  Non-members can join ISACA at the same time,
  which maximizes their savings.

13
Bulletin of Information and Registration Form

• Sent to potential candidates in ISACA database
  each year
• Can be downloaded from the ISACA web site at
  www.isaca.org/cisaboi
• Is available in the languages offered for the
  exam.
• Bulletin includes
• Requirements for certification
• Exam description
• Registration instructions
• Test date procedures
• Score reporting
• Test center locations
• Registration forms

14
Types of Questions on the CISA Exam

• Exam consists of 200 multiple choice questions
  administered over a four-hour period
• Questions are designed to test practical
  knowledge and experience
• Questions require the candidate to choose one
  best answer
• Every question or statement has four options
  (answer choices)

15
Quality of the Exam Ensured by

• Job Practice Analysis Study Determines content
• Test Development Standards Ensures high
  standards for the development and review of
  questions
• Review Process Provides two reviews of questions
  by independent committees before acceptance into
  pool
• Periodic Pool Cleaning Ensures that questions in
  the pool are up-to-date by continuously reviewing
  questions
• Statistical Analysis of Questions Ensures
  quality questions and grading by analyzing exam
  statistics for each language

16
2008 Study Materials

• ISACA Members
  Non-Members
• Candidates Guide to the CISA Exam
  free to each paid registrant
• CISA Review Manual 2008 (US) 105.00
  (US) 135.00
• CISA Review Questions, Answers (US) 100.00
  (US) 130.00Explanations Manual 2008
• CISA Review Questions, Answers (US)
  40.00 (US) 60.00Explanations Manual
  2008 Supplement
• CISA Practice Question Database V8 (US)
  160.00 (US) 195.00

17
How to Develop a CISA Study Plan

• A proper study plan consists of several steps
• Self-appraisal
• Determination of the type of study program
• Having an adequate amount of time to prepare
• Maintaining momentum
• Readiness review

18
How to Study for the CISA Exam

• Read the Candidates Guide thoroughly
• Study the CISA Review Manual
• Work through the CISA Review Questions, Answers
  Explanations Manual, Supplement and CD
• Participate in an ISACA Chapter Review Course
• Read literature in areas where you need to
  strengthen skills
• Spend time studying the complement of your field
  If external auditor, study IS audit from the
  internal audit perspective and vice-versa
• Join or organize study groups
• Take the ISACA online review course

19
Application for Certification

• Sent to all who pass the exam
• Contains
• Requirements for certification
• Code of Professional Ethics
• Instructions for completion of form
• Verification of work experience for applicant
  form
• CISA application form

20
CISA Continuing Education Policy Details
21
Continuing Education Requirements

• Certification is renewed to those who
• Report an annual minimum of 20 hours of
  continuing professional education
• Report a minimum of 120 hours of continuing
  education for each fixed three-year period
• Pay the annual certification maintenance fee
• Respond and submit required documentation of
  continuing education activities if selected for
  an annual audit
• Comply with the ISACA Code of Professional Ethics

22
ISACA Code of Professional Ethics

• Members and ISACA certification holders shall
• Support the implementation of, and encourage
  compliance with, appropriate standards,
  procedures and controls for information systems.
• Perform their duties with objectivity, due
  diligence and professional care, in accordance
  with professional standards and best practices.
• Serve in the interest of stakeholders in a lawful
  and honest manner, while maintaining high
  standards of conduct and character, and not
  engage in acts discreditable to the profession.

23
ISACA Code of Professional Ethics (continued)

• Members and ISACA certification holders shall
• Maintain the privacy and confidentiality of
  information obtained in the course of their
  duties unless disclosure is required by legal
  authority. Such information shall not be used for
  personal benefit or released to inappropriate
  parties.
• Maintain competency in their respective fields
  and agree to undertake only those activities,
  which they can reasonably expect to complete with
  professional competence.
• Inform appropriate parties of the results of work
  performed revealing all significant facts known
  to them.
• Support the professional education of
  stakeholders in enhancing their understanding of
  information systems security and control.

24
Want to know more? Please contact us at

• ISACA and ITGI
• 3701 Algonquin Road
• Suite 1010
• Rolling Meadows, IL 60008 USA
• Phone 1.847.660.5660
• Fax 1.847.253.1443
• E-mail certification_at_isaca.org
• Web site www.isaca.org