The Information Systems Audit and Control Association (ISACA) issues certification to the people responsible for ensuring that the IT and business systems of an organization are monitored, managed and protected using highly developed and globally recognized methods. These individuals are given the professional title of Certified Information Systems Auditor (CISA).
The CISA certification is designed for audit managers, consultants, IT auditors and security professionals and is a globally recognized standard for appraising the knowledge, expertise and skill of an IT auditor. The certification recognizes an individualâ€™s ability to assess vulnerabilities and instill technology controls in an enterprise environment. Some statistics suggest that only about half the applicants each year receive a passing grade and the title of CISA.
Business Intelligence (BI) Developer Checklist
Generally, a CISA audits reviews of computer information systems and performs detailed evaluation and internal control under indirect supervision. They develop and maintain audit software, and consult with administrators, faculty, and staff on computer information systems operational issues.
A more detailed job description for the CISA includes performing general and application control reviews for both simple and complex computer information systems, including backup and disaster recovery, system development standards, system security, programming and communication controls, operating procedures and system maintenance. They develop and maintain computerized audit software and follow up on audit findings to ensure that corrective actions have been taken.
A CISA is required to prepare written and oral reports for distribution to management and ensures that there is documentation to support audit conclusions. Auditing can be investigative, compliance, financial or operational, and the CISA may interact with external auditors, law enforcement or other personnel as required. In addition, the CISA trains other audit staff to develop review and analysis methods.
Many online job ads highlight the following key skills, responsibilities and work demands when applying for the position of a Certified Information Systems Auditor (CISA):
- Assess the design and operational effectiveness of Key Risk Indicators (KRIs) and IT General Controls (ITGCs).
- Provide guidance on KRI/ITGC testing methodology, validation processes, procedures, adherence to policy and documentation.
- Design, develop and publish materials to support adherence to the established KRI/ITGC validation processes.
- Work closely with other teams (Risk, IT, Information Security, etc.) to report, track and follow up on remediation plans.
- Assist in the development of reporting materials for the various committees.
- Plan and perform application and general systems control audits, control process reviews and system development reviews.
- Verify information technology systems and infrastructure are secure and support the related applications.
- Participate in the development, planning and implementation of fraud investigations involving highly confidential information.
- Create and deliver presentations to management, discusses audit findings and conclusions and recommends corrective action to improve operations and reduce costs.
- Perform follow-up audit techniques with management to ascertain implementation of recommendations and assess the adequacy of the corrective action.
- Performs risk assessments to assist internal audit department management in formulating risk-based audit plans.
- Participate in the annual review process for maintaining compliance with government standards.
In addition to holding a Bachelor’s degree in Computer Science or Business related field, and after obtaining at least five years of professional experience in assurance, security, IT auditing or control, applicants must pass the CISA exam to become certified. It is required that the applicant follow the ISACA Code of Professional Ethics and Information Systems Auditing Standards.
The exam consists of one hundred and fifty multiple choice questions based on five job practice domains. These domains are auditing information systems, management of IT, information asset protection, the acquisition, development and implementation of information systems, and the service management, operations and maintenance of those information systems operations. This exam typically lasts four hours. Those who pass the exam and receive CISA certification must take one hundred twenty additional hours of training over the course of three years to ensure they remain proficient and up to standard.
Other skills and qualifications sought after in this profession are knowledge of current technological developments and trends, auditing concepts and principles, general accounting principles, and a solid grasp of federal, state, and local laws, regulations, and standards governing all aspects of the utilization of computer systems
A CISA must possess the ability to evaluate and review a range of mainframe, PC, and distributed production and applications computer systems, to gather data, compile information, and prepare reports, perform control reviews on systems development, operation, programming, control, and security procedures and standards.
CISA is ranked as the third highest-paying certification according to a survey by Global Knowledge in 2014. Â One of the highest-paying positions with a CISA certification is that of Internal Audit Director, who makes $136,082 a year (USA 2018). Other job titles associated with CISA are IT Auditor, Senior IT Auditor, Information Technology Manager, Information Security Auditor or Manager, Internal Auditing Manager, Information Systems Auditor or Audit Manager. Wages typically range from $52,459 to $122,326 for a professional holding the CISA certification. (USA 2018)
Webopedia’s Top 10