Certified Information Systems Auditor

from Wikipedia, the free encyclopedia

The Certified Information Systems Auditor (CISA) is a globally recognized certification in the area of auditing, control and security of information systems. Since its introduction in 1978, more than 75,000 people in 160 countries have been certified as CISA. Due to the worldwide distribution and uniform certification criteria, the certification has a high degree of awareness and recognition in the areas of IT security, IT auditing, IT risk management and governance. Job advertisements in the areas of IT security management, IT auditing or IT risk management often ask for CISA certification. The certification is considered demanding and is associated with a high failure rate.

CISA is awarded by the Information Systems Audit and Control Association (ISACA).

Obtaining the certificate

The CISA certificate can be requested from ISACA if the following conditions are met:

  • Passed CISA exam
  • Experience as an auditor of IT systems
  • Compliance with the code of ethics
  • Continuous training (at least 120 hours in 3 years, at least 20 hours per year)
  • Compliance with the standards for auditing information systems
  • Full payment of annual maintenance fees
  • Responding to a sample check by submitting the required documents for the completed training measures

ISACA membership

The CISA certification is not tied to membership in the worldwide ISACA umbrella organization or in a local (mostly national) chapter.

Exam

The globally standardized computer-based CISA exams are offered three times a year. The exam consists of 150 questions from the following five areas of CISA professional practice:

  • The IT audit process
  • IT governance and IT management as well as business continuity management
  • Procurement, development and implementation of information systems
  • Operation, maintenance and support of information systems
  • Information security

They must be answered in four hours in multiple-choice format. The candidate can achieve a maximum of 800 points. The exam is considered passed with at least 450 points.

At least five years of professional experience in auditing IT systems must be proven. Similar professional experience or relevant university education can be credited according to a defined key. A CISA applicant affirms compliance with an ISACA code of ethics. To obtain and maintain the CISA certification, at least 20 hours of continuing education per year and 120 hours in a three-year period must be documented. A CISA applicant affirms that they will comply with the ISACA auditing standards when performing audits.

See also

  • CIA, Certified Internal Auditor
  • CISM, Certified Information Security Manager
  • CGEIT, Certified in the Governance of Enterprise IT
  • CISSP, Certified Information Systems Security Professional
  • TISP, TeleTrusT Information Security Professional
