
Here are the most frequently asked questions, which we hope will clarify most of your doubts. In case you need further details, you can log on to www.isaca.org/cisa.
What is CISA?
CISA stands for Certified Information Systems Auditor. It is a globally accepted certification exam conducted by ISACA twice a year – June and December. The mark of excellence for a professional certification program is the value and recognition it bestows on the individual who achieves it. Since 1978, the Certified Information Systems Auditor (CISA) program, sponsored by ISACA®, has been the globally accepted standard of achievement among information systems (IS) audit, control and security professionals.
What is ISACA?
ISACA is the Information Systems Audit and Control Association, a pace-setting global organization for IT governance, control, security and audit. Its IS auditing and IS control standards are followed by practitioners worldwide. Its website is www.isaca.org.
Why CISA exam?
Controls are an essential feature of any Information System. Studying for CISA will enable one to understand international best practices in the area of Information Systems Controls. It further enables one to understand the need to improve the security and efficiency of IT operations.
CISA is recognized worldwide, by all industries, as the preferred designation for IS audit, control and security professionals. More than 60,000 professionals have earned the CISA since inception, so clearly many people agree: earning the CISA is a good career move.
Who can appear for the exam?
The exam is open to all. There are no eligibility requirements. Software professionals, Chartered Accountants, auditors, Banking professionals, executives and government officials take up this exam for its applicability, international recognition, career enhancement options, and for improving their organizational systems.
How to apply for CISA?
Please visit www.isaca.org/cisaexam. On this page, you will find links for Registration as well as other information relating to the exam. There is also a FAQ section. You can download the Bulletin of Information regarding the CISA Exam from http://www.isaca.org/cisaboi.
When is the next exam date? What is the last date for registration?
The CISA exam is generally held on the second Saturday of June and December each year. The next exam is scheduled for Saturday, 11th December, 2010. The last date for registration with early bird incentive is 18th August, 2010 and the final registration deadline is October 06th, 2010.
What is the exam fee?
| | ISACA Member | NON-ISACA Member |
| Early registrations received on or before 18th August, 2010 | US $415 | US $545 |
| Final registrations received by 06th October, 2010 | US $465 | US $595 |
The exam fee depends on whether you are paying online or offline and on when you register for the examination. Online payments have a $50 rebate in the exam fee. In addition, you are also entitled to a $50 early bird incentive in case you register before February 10th, 2010.
You can also explore becoming a member and register for the exam simultaneously. On becoming a member online and paying the registration fee simultaneously, you have to pay a marginally higher amount, but by paying this higher amount, you become entitled to all membership benefits including the ISACA Journal, access to the online ISACA Library, concession at the Local Chapter CISA Review Class and also attendance at the local chapter events.
What are the test centers in India?
There are 17 test centres in India.
| Code | City | Code | City |
| 7501 | Chennai | 7502 | Mumbai |
| 7503 | New Delhi | 7504 | Kolkata |
| 7505 | Bangalore | 7506 | Hyderabad |
| 7507 | Coimbatore | 7508 | Pune |
| 7509 | Cochin | 7510 | Ahmedabad |
| 7512 | Nagpur | 7513 | Jaipur |
| 7514 | Aurangabad | 7516 | Navi Mumbai |
| 7517 | Vijayawada | 7518 | Solapur |
| 7519 | Kolhapur | | |
What happens, if after registering, one decides not to take the exam?
One can either withdraw from appearing for the exam or defer taking the exam to a future date. There is a scheme for deferring the exam on payment of a fee. The exam can then be taken at the next opportunity. Full details are available at http://www.isaca.org/examdefer.
What is the exam like and what are the passing marks?
The paper consists of 200 multiple-choice questions to be answered in 4 hours, covering six chapters viz.
Candidate scores are reported as a scaled score. A scaled score is a conversion of a candidate’s raw score on an exam to a common scale. ISACA uses and reports scores on a common scale from 200 to 800. A candidate must receive a score of 450 or higher to pass the exam.
If you are eager to test yourself with a sample test, please visit www.isaca.org/cisasamplequestions.
What are the reading materials required?
a) ISACA publishes CISA Review Manual (CRM) every year and that is the basis for starting studies. It is available for purchase from www.isaca.org. The cost is $105 for members, and $135 for non-members. The textbook ‘IS Audit and Control’ by Ron Weber is another good resource.
b) The CISA Practice Questions Database V8 English Edition (CD-ROM) Cost: $160 for members, and $195 for non-members. It combines the 700 questions, answers and explanations included in the CISA Review Questions, Answers & Explanations 2008. This helps you to understand how exam questions are framed. Website download is also available.
c) IS Audit guidelines, procedures, Control Objectives in Information Technology (COBIT version 4.1) – 40 guidelines have been published by ISACA on various aspects such as General Usage of Internet, VPN, Internet Banking, Privacy, etc. A reading of these will show you what ISACA’s thinking is on these areas, which is a definite bet for choosing correct answers in the exam. The guidelines, procedures and control objectives can be downloaded from www.isaca.org.
d) Other websites for reference include:
www.isaca.org/glossary for a glossary of terms
www.whatis.com and www.webopedia.com -- for learning about various terms / acronyms that you do not understand.
www.cio.com/abcs -- for understanding the basics of new technologies.
www.howstuffworks.com -- for understanding the basics of computers, internet, DNS, wireless, etc.
How to prepare?
Read, read, read… Understand the subject and highlight important points. If you are used to group study, please do so. Group study does help in sustaining momentum / motivation, sharing of knowledge and understanding various perspectives. Primarily, the exam tests your conceptual understanding of various technologies, processes, risks, controls, audit and governance techniques.
Generally, it takes three to six months (2 hours of study a day) to prepare and be confident of facing the exam, depending on the individual’s experience and exposure to the content areas, and grasp of new concepts. It is best to complete one reading of CISA Review Manual in the first 2 months. One idea would be to take a dummy test first (of say 50 questions, to see where you stand), then, after one reading of CRM take the same test again and see the improvement made. It is preferable to take tests after studying each chapter, and then retake these tests after a gap of one month to see if any mistakes have been repeated. These will be the concepts that you have to get right.
Are there any classes available for preparing for the CISA Exam?
The Vijayawada Chapter of ISACA conducts classes for every batch of the examination. These classes are conducted every Sunday and holidays starting from the last Sunday of July and go on till the weekend before the exams. They are generally conducted from 8.30 am to 12.30 am. In some cases, classes are also held on Saturdays. The classes are generally held in a central convenient location. The fee for the classes will be announced in July.
Classes are conducted by experienced faculty who have passed the exam and have experience in their respective domains. Mock Tests are conducted at the end of each Chapter and two full mock tests are conducted at the end
For persons who are unable to attend classes over such an extended period of time, the Vijayawada Chapter also conducts a CISA Quick Refresher Course for 4 full days sometime in August / September.
I am not in the field of IT. Can this be a barrier to taking the CISA exam?
Normally, in India, 3 groups of professionals appear for CISA—Technical professionals (hardware/software/telecom, etc.), Bankers and Chartered Accountants. The results are evenly spread among the 3 groups meaning that no particular group is at an advantage or disadvantage. For understanding the concepts, technical knowledge is necessary but this does not mean one should have previous experience. The questions in the exam are mostly managerial in nature, to answer which the first pre-requisite is a thorough understanding of concepts. A little bit of technical knowledge does help but this may also lead one to complacency. Open mind, eagerness to absorb knowledge / new concepts and sustained efforts will surely result in success.
Annexure - CISA Content Areas
| Content-Based Area | % of Exam |
| 1 IS Audit Process | 10 |
| 2 IT Governance | 15 |
| 3 Systems and Infrastructure Lifecycle Management | 16 |
| 4 IT Service Delivery and Support | 14 |
| 5 Protection of Information Assets | 31 |
| 6 Business Continuity and Disaster Recovery | 14 |
Content Area 1: IS Audit Process (10%)
IS Audit function, IS Auditing Standards and Guidelines, Risk Analysis, Internal Controls, Control Self Assessment, IS Audit process etc.
Content Area 2: IT Governance (15%)
Monitoring and Assurance Practices for Board and Executive Management, IS strategy, Policies and Procedures, Risk Management, IS Management Practices, Auditing IT Governance Structure and Implementation etc.
Content Area 3: Systems and Infrastructure Lifecycle (16%)
Project Management Structure and practices, Business Application Development, Infrastructure Acquisition Practices, IS Maintenance Practices, Application Controls, eCommerce, EDI etc.
Content Area 4: IT Service Delivery and Support (14%)
IS Operations, Hardware, IS Architecture and software, LAN, WAN, Wireless Networks, Network Administration and Control etc.
Content Area 5: Protection of Information Assets (31%)
Infosec Management, Logical access exposures and controls, Network infrastructure security, Encryption, Firewalls, Viruses, Environmental exposures and controls, Physical access exposures and Controls, Mobile computing etc.
Content Area 6: Business Continuity and Disaster Recovery (14%)
Planning, development and testing of Plans, Recovery objectives, Incident management, RAID, Backup and restoration, Library controls etc.
You can contact us by sending a mail to contact@isacavijayawada.org