Is CISA Certification Worth the Cost?

Information systems auditing is an essential function in the world of IT. The need for reliable, compliant, and secure systems has seen auditing processes embedded throughout most organizations on the planet, giving those with the right skills incredible career opportunities.

That being said, it is also an extremely comprehensive role. Candidates can audit governance structures, system security, data integrity, general and data application controls, and many other areas on an ongoing basis. They must also consider elements like operating procedures, communication controls, programming controls, system development standards, and so on.

Outside of their day-to-day work, systems auditors can also inform strategic thinking. Indeed, stakeholders and business transformation managers rely on their insight to ensure that areas like compliance and risk management are properly considered through the lens of bespoke corporate priorities.

In short, the role of a systems auditor should be filled by a demonstrably competent, experienced, and knowledgeable individual. But how can an organization gauge a candidate’s value? And how can auditors prove their suitability for such positions?

What is CISA?

CISA, or ‘Certified Information Systems Auditor’, is a benchmark ISACA certification. The standards for passing the exam are high, as are the prerequisites for earning the qualification itself. Because of this, CISA certification holders are highly valued – to the extent that many companies treat the qualification as a prerequisite when looking for candidates.

The certification covers five job practice domains:

  • Information Systems Auditing Process (21 percent)
  • Governance and Management of IT (17 percent)
  • Information Systems Acquisition, Development and Implementation (12 percent)
  • Information Systems Operations and Business Resilience (23 percent)
  • Protection of Information Assets (27 percent)

Passing the certification exam signifies a professional’s expertise across various crucial domains, as well as their ability to manage information systems for businesses and keep them free from vulnerabilities and risks.

Following the CISA standard for auditing can even improve the reputation of an IT team or department. Having such expertise on staff truly says something sincere and tangible about a company’s dedication to security and legality, as well as technical skills and the security of IT-powered products and services.

How do I qualify as a CISA?

The good news about studying for the CISA qualification is that there is only one exam to worry about. However, passing the exam isn’t necessarily the most difficult part.

To qualify as a CISA, a candidate must have a minimum of five years of work experience in professional-level auditing. Candidates are required to provide exact dates for their roles, and each job must fall into at least one CISA Job Practice Domain Area.

Certain degrees can be used in place of experience:

  • 1-year waiver for an associate degree
  • 2-year waiver for a bachelor’s, master’s, or doctorate degree in any field of study
  • 3-year waiver for a master’s degree in Information Systems or a related field
  • 2-year waiver for CIMA – Chartered Institute of Management Accountants, full certification
  • 2-year waiver for ACCA member status from the Association of Chartered Certified Accountants

All experience must have occurred within ten years of the application in question.

One year of information systems experience can also be substituted for a year of auditing. Similarly, a year of conventional auditing may be used in place of IS work.

Eligibility is established at the time of exam registration and is valid for 12 months. Candidates can schedule an exam for any date during this period via remote proctoring or in-person at a test center.

After passing, a successful candidate can apply for their CISA certificate.

Regardless of whether a candidate has passed the examination, they cannot earn the CISA title until they satisfy the requirements above. This, of course, brings us back to the question: is it worth it?

What is the value of CISA certification?

While the requirements for becoming a CISA are stringent, they pay dividends. CISAs often command salaries far higher than non-certified colleagues and are also in high demand in different industries and sectors the world over.

Here are just a few of the salaries CISAs can enjoy, according to Payscale:

  • Chief Information Security Officer – $118,000 to $244,000 or £51,000 to £197,000
  • Information Systems Audit Manager – $89,000 to $135,000 or £35,000 to £79,000
  • Internal Audit Director – $110,000 to $181,000 or £35,000 to £79,000

It is worth keeping in mind that one reason CISAs are so highly valued is their continuing dedication to their roles. CISA holders are obliged to take part in ISACA’s Continuing Professional Education (CPE) program. This training program helps holders keep their skills in IT and auditing up to date.
