What is a certified information systems auditor?
Certified Information Systems Auditor (CISA) refers to a designation issued by the Association of Information Systems Audit and Control (ISACA). The designation is the global standard for professionals with careers in information systems, in particular auditing, control and security. CISA holders demonstrate to employers that they have the knowledge, technical skills and competencies necessary to meet the dynamic challenges facing modern organizations.
Understanding the certified information systems auditor (CISA)
To receive certification as a certified information systems auditor, candidates must pass a comprehensive exam and meet the requirements for work experience in the industry. Applicants must also undergo continuing education and professional development and adhere to the ISACA Code of Professional Ethics and Auditing Standards for Information Systems.
Certified Information Systems Auditor exam
The CISA exam lasts four hours and consists of 150 multiple-choice questions. The exam tests candidates' knowledge in five areas of professional practice: the information systems audit process; IT governance and management; acquisition, development and implementation of information systems; management of operations, maintenance and services of information systems; and protection of information assets. Applicants must score 450 to pass the exam. Exam scores range from 200 to 800.
Candidates have the opportunity to take the exam in June, September or December in test centers around the world. The exam is also available in several languages, including Mandarin Chinese (simplified and traditional), Spanish, French, Japanese and Korean.
Certified Information Systems Auditor work experience requirements
Applicants to CISA must have a minimum of five years of professional experience in the audit, control or security of information systems. Several substitutions and waivers can replace up to a maximum of three years of this work experience:
- A maximum of one year of experience in information systems OR one year of experience in auditing non-computer systems. (Replaces one year of work experience.)
- Sixty to 120 university semester credit hours completed. (Sixty credit hours replace one year of work experience, while 120 credit hours replace two years of work experience.)
- A master’s or bachelor’s degree from a university that sponsors ISACA programs. (Replaces one year of work experience.)
- A master’s degree in information security or information technology from an ISACA accredited university. (Replaces one year of work experience.)
University instructors who have two years of experience in a related field, such as computer science, information systems auditing or accounting, can substitute this experience for one year of work experience.
Certified Information Systems Auditor continuing professional training
To ensure that professionals holding the CISA title keep their knowledge of information systems, auditing and control up to date, they are required to complete 20 hours of training per year and a minimum of 120 hours over a three-year period. ISACA charges annual maintenance fees to renew the CISA certification. ISACA members pay $45 and non-members pay $85.