What is a Certified Information Systems Auditor?

The Certified Information Systems Auditor (CISA) program is recognized around the IT world as the leading IT audit and governance credential. The certification is popular among IT professionals who deal with IT security management and assessments. This credential is offered through the Information Systems Audit and Control Association (ISACA). The exam is quite difficult, so the failure rates are very high.

The Initial Path of Certification

The first step is to pass the exam, which is open to anyone who wants to work with IT audits, controls and security. Exam resources and preparation tools are available through the website and local chapters of ISACA. Once a person passes the exam, they must prove they have adequate and appropriate work experience. Applicants must have at least five years of professional experience with IT audits, security and controls. Applicants may apply to add up to three years of experience if they meet certain requirements.

For example, one year of non-IT auditing experience can be substituted for one year of IT auditing experience. A two-year degree equals one year of experience and a four-year degree equals two years of experience. Candidates who earned their bachelor’s or master’s degree from an approved university quality for one year of experience. These universities must incorporate ISACA-based curricula into the degree content and requirements. All work experience must be accumulated 10 years after the application date or within five years of passing the test.

Resource: Top 10 Online Accounting Degree Programs

The Continuing Path of Certification

Once they are officially certificated, information systems auditors must pledge and maintain adherence to the ISACA’s Code of Professional Ethics. These guidelines apply to the person’s personal and professional lives. The Continuing Professional Education (CPE) policy requires information systems auditors to maintain their competency, skills and knowledge through attending and successfully passing college-level classes or accredited training seminars and workshops.

The Continuing Professional Education program helps information systems auditors increase the efficiency and quality of their companies’ IT audit, control and security programs. Auditors must complete at least 20 hours each year, comply with the Information Systems Auditing Standards and pay recertification maintenance fees. Although the ISACA does not require it, information systems auditors who conducting Federal audits must maintain their knowledge of official Government Auditing Standards like FISMA FISCAM, OMB A-130 and OMB A-123.

Information Systems Auditor Careers

Information systems auditors may be called IT auditors, compliance analysts and internal controls consultant. IT auditing is the laborious process of collecting and evaluating data intensive evidence from information systems, policies, practices and operations. IT auditors look at physical controls, such as locked server rooms and scannable security badges, and digital controls, such as strict user account administration. IT auditors also review financial controls and operational policies.

IT auditors help their clients keep data secure, comply with legislation, streamline processes and maintain accurate records. IT auditors do not force fixes or implement changes. Instead, they offer independent reviews of compliance, efficiency, vulnerabilities and performance. They may suggest new IT controls for business processes and IT management based on industry best practices and ISACA standards. IT auditors may create customized test plans and use diagnostic software to assess operation integrity and control effectiveness.

A Certified Information Systems Auditor (CISA) is an IT professional who analyzes data, systems, processes and applications to determine the scope and performance of IT controls. They execute test plans, document results and develop deficiency plans and remediation goals.