CERTIFIED INFORMATION SYSTEMS AUDITOR (CISA)
As a Certified Information Systems Auditor (CISA), you're tasked with tremendous responsibility: You'll audit, control and provide security of information systems for a multitude of industries throughout the business and IT sectors.
To become the very best cyber security professional possible, you first need to start with a strong academic background. There are many traditional and online programs that can prepare you for your career path. However, if you want to take your career to the next level, you will likely need an additional certification from a professional organization.
As a rule, professional organizations and technology companies have led the tech as far as career advancement credentials, and there have been organizations for computer security professionals since the 1960's. The ISACA is one such organization. Formed in 1967, the association now claims over 140,000 members worldwide. The membership is organized by 200 chapters in 80 countries.
As an educational resource, the ISACA publishes a regular journal and maintains databases of research and other documents to help cyber security professionals stay at the front of the industry—and their specialty. They also offer a certification program, the Certified Information Systems Auditor (CISA), that gives members high-status credentials.
Note: Certificate vs Certification
- Certificate: A certificate is awarded by an educational institution, and signifies that a student has satisfactorily completed a given curriculum. Certificate programs can help students prepare for certification exams.
- Certification: A certification is generally awarded by a trade group after an individual has met certain professional requirements (e.g. earned a specific degree, worked professionally in a given field for a set amount of time, etc.) and passed a certification exam.
In short, a certificate is evidence that someone has completed an educational program, while a certification denotes that someone has met a certain set of professional criteria and/or passed an exam.
Not all programs offered are designed to meet state educator licensing or advancement requirements; however, it may assist candidates in gaining these approvals in their state of residence depending on those requirements. Contact the state board of education in the applicable state(s) for requirements.
WHY GET CERTIFIED TO BECOME A CISA
When you can add "Certified" to the Information Systems Auditor title on your resume, other professionals will see that you are a qualified and acknowledged expert who has been tested, proven and who continues to develop in the field. They will know that you have the knowledge and skills needed to provide efficient and experienced auditing services and that you have been credentialed by one of the most prestigious security associations in the industry.
When you perform an audit as a CISA, you will have an added level of confidence that academic degrees alone cannot match. Your certification will also give you an edge when it comes time to negotiate salary or a consultation fee.
The CISA designation is also accredited by the American National Standards Institute (ANSI). This third-party verification ensures that the ISACA's programs maintain a verified level of excellence.
HOW TO GET CERTIFIED
To become a certified CISA, you will first need to pass the certifying exam. Applicants will need a minimum of five years' work experience as an information systems auditor. However, you can waive up to three years of that experience requirement if you've met the following criteria:
- One year of experience as an Information Systems auditor. You may also submit one year of non-IS auditing experience.
- A two or four-year degree, which can be substituted for the experience requirement, provided that your degree was earned within the previous 10 years. The associate's degree can substitute for one year of experience, while a bachelor's degree will substitute for two years.
- Hold a master's degree in Information Security, Information Technology, or the equivalent. A graduate degree can count for one year of experience.
- Two years' experience as a university professor of computer science, accounting or information systems auditing can be substituted for one year of experience in the field.
Once you have met the experience criteria, you will then need to agree to the ISACA code of professional ethics. Finally, you must adhere to the continuing professional education (CPE) program, which ensures that you continue to develop as a professional. You must maintain your membership fees to the ISACA and complete at least 20 CPE hours per year.
Finally, you must agree to maintain the auditing standards of the ISACA and of all CISA holders. If it is found that a CISA's work is not in compliance with the association's standards, that professional might lose credential standing or otherwise face disciplinary measures.
THE CISA EXAM
The CISA exam is comprised of five domains or sections. There are 150 questions on the exam and you will have four hours to complete it. For each domain there are items which will test your procedural skills and then a set that evaluates your knowledge.
| Section | % of Exam | What It Will Test |
| Process of Auditing Information Services | 21% | You will be asked to provide audit services that comply with standards that protect and control information. |
| Governance and Management of Information Technology | 16% | You will need to demonstrate that you can delegate responsibilities among professionals to ensure information security. |
| Information Systems Acquisition, Development and Implementation | 18% | You will need to ensure that the organization's objectives are met regarding its information systems strategy. |
| Information Systems Operations, Maintenance and Service Management | 20% | Assure that the processes for these areas supports the organization's objectives. |
| Protection of Information Assets | 25% | Assure the organization that its information will maintain its integrity, confidentiality and accessibility. |
If you are currently working in the field as an IS auditor, or are envisioning IS auditing as a career, consider taking the CISA exam and enhancing your career with this potent credential. Every resume in the IS field needs to reflect continual growth in terms of learning and knowledge, and the CISA standards provide assurance that your work adheres to high standards. Consult the ISACA's website today and start on the road to the next level in your career.