ISACA’s Certified Information Systems Auditor (CISA) certification is a gold standard that marks an individual’s expertise in auditing and managing information systems, protection of information assets, information systems acquisition, and operation. The Certification program is ANSI accredited, and more than 151,000 people hold this certification currently. It is a massive boost to your career and income. Naturally, there is a huge demand for it.

The basic eligibility is having work experience in the required field, a fee of $575 (for ISACA members), or $760 (for non-members) and an application processing fee of $50, which is non-refundable. So, the certification process is much simpler and faster.

QUALIFICATIONS TO BE CISA CERTIFIED

• Completing the CISA Examination: All eligible candidates with interest in information systems auditing, control, and security can take the examination. Successful candidates are provided all the required information to apply for the certification along with their passing scores.
• Adhering to the Code of Professional Ethics: ISACA members and/or CISA certification holders have to adhere to a Code of Professional Ethics to maintain professional and personal standards.

These ethics include:

1. Supporting and complying with appropriate standards of maintenance and governance of information systems and technology.
2. Objectively performing duties with due diligence and professionalism.
3. Serving in the interests of stakeholders with appropriate conduct and character.
4. To maintain privacy and confidentiality of information in the course of activities unless there is a legal intervention.
5. Maintaining competency and taking tasks that can be reasonably completed under their skillset and knowledge.
6. Informing involved parties about the results and significant facts that may distort the results.
7. Supporting professional education of stakeholders to help them better understand the governance and maintenance of enterprise information systems and technology.

Failure to comply with this Code of Professional Ethics can result in an investigation into a member’s and/or certification holder’s conduct and, ultimately, in disciplinary measures.

1. Adhering to Continuing Professional Education (CPE) Policy: Certified Individuals have to regularly update their existing knowledge in the required field of Information Systems, auditing, control, and security to maintain competency.
2. This helps in differentiating qualified CISA holders and people who have not met the qualifications for the continuation of their certification.

CISAs who successfully comply with the CPE policy will be better trained to assess information systems and technology and provide leadership and value to their organizations. The responsibility for setting the CPE requirements rests with the CISA Certification Committee. The Committee oversees the continuing professional education process and requirements to ensure their applicability.

• CISA holders agree to comply with Information Systems Auditing Standards as adopted by ISACA. ITAF is a professional practice framework for IS audit and assurance professionals to seek guidance, research policies, and procedures, obtain audit and assurance programs, and develop effective reports. The content can be accessed by downloading the ITAF from the MyISACA account.
• Demonstration of Minimum Work Experience:

1. A 5-year minimum professional work experience in audit, control, and security of Information systems is a must for the certification. This work experience has to be gained within ten years preceding the date of applying for the certification. Eligible candidates have five years to apply.
2. Substitutions and waivers to the 5-year minimum can be obtained. This waiver can be awarded up to a maximum of 3 years as follows:

• A maximum of 1-year information systems experience OR 1-year of non-IS auditing experience can be substituted for 1-year of experience.
• A 2-year or 4-year university degree (about 60 to 120 credit hours of university) not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively.
• A master’s degree in information security or information technology from an accredited university can be substituted for 1-year of experience.

However, these substitutions will not satisfy any portion of the 2-year minimum information systems auditing experience requirement.

The exception in this is that every two years as a full-time university instructor in a related field such as computer science, accounting, information systems, auditing can be substituted for 1-year of experience.

It is worth noting that most candidates take the exam prior to meeting these qualifications, which is deemed acceptable by ISACA. However, the CISA designation is not awarded until all requirements are met.

Candidates must apply for the certification within five years of having passed the examination. The application payment must then be finalized, and about 3-4 weeks’ time is expected for the processing.

CISA certified individuals are highly sought after IT professionals in the industry. It offers credibility to your career and recognition among peers and stakeholders. It is an investment worth taking and working towards.