Certified Information Systems Auditor
The Certified Information Systems Auditor (CISA) is a globally recognized certification in the area of auditing, control and security of information systems. Since its introduction in 1978, more than 75,000 people in 160 countries have been certified as CISA. Due to the worldwide distribution and uniform certification criteria, the certification has a high degree of awareness and recognition in the areas of IT security, IT auditing, IT risk management and governance. Job advertisements in the areas of IT security management, IT auditing or IT risk management often ask for CISA certification. The certification is considered demanding and is associated with a high failure rate.
CISA is awarded by the Information Systems Audit and Control Association (ISACA).
Obtaining the certificate
The CISA certificate can be requested from ISACA if the following conditions are met:
- Passed CISA exam
- Experience as an auditor of IT systems
- Compliance with the code of ethics
- Continuous training (at least 120 hours in 3 years, at least 20 hours per year)
- Compliance with the standards for auditing information systems
- Full payment of annual maintenance fees
- Responding to a sample check by submitting the required documents for the completed training measures
ISACA membership
The CISA certification is not tied to membership in the worldwide ISACA umbrella organization or in a local (mostly national) chapter.
Exam
The globally standardized computer-based CISA exams are offered three times a year. The exam consists of 150 questions from the following five areas of CISA professional practice:
- The IT audit process
- IT governance and IT management as well as business continuity management
- Procurement, development and implementation of information systems
- Operation, maintenance and support of information systems
- Information security
The questions must be answered within four hours in multiple-choice format. The candidate can achieve a maximum of 800 points. The exam is considered passed with at least 450 points.
At least five years of professional experience in auditing IT systems must be proven. Similar professional experience or relevant university education can be credited according to a defined key. A CISA applicant ensures compliance with the ISACA code of ethics. To obtain and maintain the CISA certification, at least 20 hours of continuing education per year and 120 hours in a three-year period must be demonstrated. A CISA applicant affirms that they will comply with the ISACA auditing standards when performing audits.
See also
- CIA, Certified Internal Auditor
- CISM, Certified Information Security Manager
- CGEIT, Certified in the Governance of Enterprise IT
- CISSP, Certified Information Systems Security Professional
- TISP, TeleTrusT Information Security Professional
Web links
- Official website of ISACA
- Official website of the German ISACA chapter
- Official website of the Swiss ISACA chapter
- Official website of the Austrian ISACA chapter