Information Systems Audit and control Association

CISA

Review Course 2003

INTRODUCTION

Introduction - page 1

2002 ISACA

ISACA
ISACA was formed in 1969 to meet the unique, diverse and high technology needs of the burgeoning information technology field. In an industry in which progress is measured in nano-seconds, ISACA has moved with agility and speed to bridge the needs of the international business community and the information technology controls profession.

Introduction - page 2

2002 ISACA

History of the CISA Exam

The Certified Information Systems Auditor (CISA) Program was established in 1978 to: Develop and maintain a testing instrument that could be used to evaluate an individuals competency in conducting information systems audits Provide a mechanism for motivating information systems auditors to maintain their competencies and monitoring the success of the maintenance programs Aid top management in developing a sound information systems audit function by providing criteria for personnel selection and development

Introduction - page 3

2002 ISACA

CISA Growth
Over 27,000 qualified information systems audit, control and security professionals have earned the CISA designation worldwide! 29% annual growth rate each year since 1996

Introduction - page 4

2002 ISACA

Professional Recognition Personal Pride

Being a CISA is more than passing an examination.

It demonstrates the commitment, dedication and proficiency required to excel in the audit, control and security professions.
The CISA designation identifies its holders as consummate professionals who maintain a competitive advantage among their peers
Introduction - page 5

2002 ISACA

Benefits of Becoming a CISA

Attests to an individual's information systems audit expertise. Indicates a desire to serve an organization with distinction.

Highly sought after professional designation.

Assures employers that their staff is able to apply state-of-the-art information systems audit, security and control practices and techniques and that these skills are maintained.
Introduction - page 6

2002 ISACA

Requirements for Certification

Successfully complete the CISA examination. Adhere to the Information Systems Audit and Control Associations Code of Professional Ethics.

Submit a completed Application for Certification with evidence of a minimum of five ( 5 ) years of professional information systems ( IS ) auditing, control and security work experience. Substitution and waivers may apply. (explained in detail subsequently)
Introduction - page 7

2002 ISACA

The CISA Examination

Development of the Exam
One Process Area
Six Content Areas

Studying

Introduction - page 8

2002 ISACA

 Chapter 1 Chapter 2
Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7

Summary of CISA Content Areas

The IS Audit Process ( 10%) Management, Planning and Organization of IS ( 11%)

Technical Infrastructure and Operational Practices ( 13%)

Protection of Information Assets ( 25%) Disaster Recovery and Business Continuity (10%) Business Application System Development, Acquisition, Implementation and Maintenance ( 16%) Business Process Evaluation and Risk Management(15%)

Introduction - page 9

2002 ISACA

References

2003 CISA Review Manual CISA Review Questions, Answers & Explanations Manual CISA Review Questions, Answers & Explanations Manual: 2002 and 2003 Supplements Information Systems Control Journal (Formerly the IS Audit & Control Journal)

Handbook of IT Auditing with 2001 Supplement, Warren, Gorham & Lamont

COBIT: Control Objectives for Information and related Technology, 3rd Edition, 2000, IT Governance Institute and ISACF Information Systems Control and Audit, 1999, Weber
Introduction - page 10

2002 ISACA

How to Study for the CISA Examination

A proper study plan consists of many steps.

Self-appraisal Determination of the type of study program

to undertake

Having an adequate amount of time to prepare Maintaining momentum

Readiness review

Introduction - page 11

2002 ISACA

Types of Questions on the Exam

All questions are multiple choice and are designed for one best answer. Questions require the candidate to choose the appropriate answer. Every CISA question has a stem (question) and four options (answer choices).

Introduction - page 12

2002 ISACA

Administration of the Examination

Administered on Saturday, 14 June 2003 (exact time and location will be indicated on exam ticket ) The examination is offered in every city where there is an ISACA chapter or in locations where there are five or more paid candidates Approximately 190 Test Sites in 57 Countries Dutch, English, French, German, Hebrew, Italian, Japanese, Korean, Spanish and Chinese Simplified and Traditional Mandarin languages 4 hours 200 Multiple-choice Questions Passing Mark of 75 (scaled score)
Introduction - page 13

2002 ISACA

Information Systems Audit and control Association

ISACA is pleased to offer this review course to our chapters and members. We sincerely hope that it will assist candidates in preparing for the CISA examination.

Introduction - page 14

2002 ISACA

Advantage CISA
CISA Certified Information Systems Auditor Gain Worldwide Recognition with CISA
Identification as a consummate professional Credentials that an employer seeks Update with the latest technology Regulatory bodies prefer certified reports from such professionals However, you need to .
Introduction - page 15

2002 ISACA

CISA Designation
Successfully complete CISA Examination Adhere to ISACA Code of Professional Ethics Adhere to Information Systems Auditing Standards A minimum of 5 years of experience in
You cant call yourself CISA until you complete the 5 years certification requirements

Waivers and Substitution for experience Continuing Education Policy CPE hours

Introduction - page 16

2002 ISACA

Waiver on Experience
A maximum of 1 year of Information Systems experience OR 1 year of Financial or Operational Auditing experience can be substituted for 1 year of Information Systems Auditing, Control, or Security experience. (example CA) Any Bachelors degree earns you 2 years credit 2 years as a full time university instructor in a related field (e.g., Computer Science, Accounting, Information Systems auditing) can be substituted for 1 year of Information Systems Auditing, Control or Security experience. (example Teachers / Professor)
Introduction page 17 MAXIMUM EXEMPTION -ALLOWED IS 3

2002 ISACA

Please Note
Experience must have been gained within the 10-year period preceding the application for certification or within five (5) years from the date of initially passing the examination Application for certification must be submitted within five (5) years from the passing date of the CISA exam. All experience will be verified independently with employers. In the event of Multiple employers obtain multiple certificates from employers and the current employer certifies the total experience.

Introduction - page 18

2002 ISACA

CISA is / expected to specialize

IS Audit, Control & Security

Specific Environments

IS Audit, Control & Security Tools IS Auditing Net Centric (Intranet/Extranet/Internet) Control & Security IS Security CISM prospect IS Control

Introduction - page 19

2002 ISACA

Specialize
IS Control IT Governance & Business Management E-business Telecommunications Project Management

Introduction - page 20

2002 ISACA

Opportunities in India
CISA is recognized in India by Govt of India- Min of Information Technology RBI has special recognition for CISA Job Opportunities in Corporate bodies as specialists Special demand in Banking & other Financial Sector due to regulatory requirements Consulting opportunities
Introduction - page 21

2002 ISACA

Chapters role & plans

Promotion with the regulatory bodies / Institutions MIT, RBI, SEBI, SE, NSDL Promotion with the Industry SIG meetings inviting specialists Seminars and Conference to create awareness in emerging technologies IS audit / IT Governance Workshops Promoting awareness and membership to create the ripple effect Best Web-site in Asia year 2001, Best Newsletter Year 2000 Promotion of CISM
Introduction - page 22

2002 ISACA

Thank You!

Questions are welcome!

Introduction - page 23

2002 ISACA