Certified Information Systems Auditor (CISA)
The Information Systems Audit and Control Association (ISACA) issues certification to the people responsible for ensuring that the IT and business systems of an organization are monitored, managed and protected using highly developed and globally recognized methods. These individuals are given the professional title of Certified Information Systems Auditor (CISA).
The CISA certification is designed for audit managers, consultants, IT auditors and security professionals and is a globally recognized standard for appraising the knowledge, expertise and skill of an IT auditor. The certification recognizes an individual’s ability to assess vulnerabilities and instill technology controls in an enterprise environment. Some statistics suggest that only about half the applicants each year receive a passing grade and the title of CISA.
Generally, a CISA reviews computer information systems and performs detailed evaluations of internal controls under indirect supervision. They develop and maintain audit software, and consult with administrators, faculty, and staff on operational issues affecting computer information systems.
A more detailed job description for the CISA includes performing general and application control reviews for both simple and complex computer information systems, including backup and disaster recovery, system development standards, system security, programming and communication controls, operating procedures and system maintenance. They develop and maintain computerized audit software and follow up on audit findings to ensure that corrective actions have been taken.
A CISA is required to prepare written and oral reports for distribution to management and ensures that there is documentation to support audit conclusions. Auditing can be investigative, compliance, financial or operational, and the CISA may interact with external auditors, law enforcement or other personnel as required. In addition, the CISA trains other audit staff to develop review and analysis methods.
Many online job ads highlight the following key skills, responsibilities and work demands when applying for the position of a Certified Information Systems Auditor (CISA):
- Assess the design and operational effectiveness of Key Risk Indicators (KRIs) and IT General Controls (ITGCs).
- Provide guidance on KRI/ITGC testing methodology, validation processes, procedures, adherence to policy and documentation.
- Design, develop and publish materials to support adherence to the established KRI/ITGC validation processes.
- Work closely with other teams (Risk, IT, Information Security, etc.) to report, track and follow up on remediation plans.
- Assist in the development of reporting materials for the various committees.
- Plan and perform application and general systems control audits, control process reviews and system development reviews.
- Verify information technology systems and infrastructure are secure and support the related applications.
- Participate in the development, planning and implementation of fraud investigations involving highly confidential information.
- Create and deliver presentations to management, discuss audit findings and conclusions, and recommend corrective action to improve operations and reduce costs.
- Perform follow-up audits with management to ascertain whether recommendations have been implemented and to assess the adequacy of the corrective action.
- Perform risk assessments to assist internal audit department management in formulating risk-based audit plans.
- Participate in the annual review process for maintaining compliance with government standards.
In addition to holding a Bachelor's degree in Computer Science or Business related field, and after obtaining at least five years of professional experience in assurance, security, IT auditing or control, applicants must pass the CISA exam to become certified. It is required that the applicant follow the ISACA Code of Professional Ethics and Information Systems Auditing Standards.
The exam consists of one hundred and fifty multiple choice questions based on five job practice domains: auditing information systems; governance and management of IT; protection of information assets; the acquisition, development and implementation of information systems; and the service management, operations and maintenance of those information systems. The exam typically lasts four hours. Those who pass the exam and receive CISA certification must complete one hundred twenty additional hours of continuing education over the course of three years to ensure they remain proficient and up to standard.
Other skills and qualifications sought after in this profession are knowledge of current technological developments and trends, auditing concepts and principles, general accounting principles, and a solid grasp of the federal, state, and local laws, regulations, and standards governing all aspects of the use of computer systems.
A CISA must be able to evaluate and review a range of mainframe, PC, and distributed production and application computer systems; to gather data, compile information, and prepare reports; and to perform control reviews of systems development, operation, programming, control, and security procedures and standards.
CISA is ranked as the third highest-paying certification according to a survey by Global Knowledge in 2014. One of the highest-paying positions with a CISA certification is that of Internal Audit Director, who makes $136,082 a year (USA, 2018). Other job titles associated with CISA are IT Auditor, Senior IT Auditor, Information Technology Manager, Information Security Auditor or Manager, Internal Auditing Manager, Information Systems Auditor and Audit Manager. Wages for a professional holding the CISA certification typically range from $52,459 to $122,326 (USA, 2018).