ISACA® The recognized global leaders in IT governance, control and assurance.


CISA/CISM Programs Overview


ISACA Facts

• Founded in 1969, as the EDP Auditors Association

• More than 53,000 members in over 140 countries

• More than 170 chapters in over 60 countries worldwide


CISA Certification Details


Who is the CISA Certification Intended for?

Individuals with experience providing:
• IT audit and assurance services
• Assurance that the organization can achieve corporate governance of IT
• Assurance that systems and infrastructure life cycle management meets the organization’s objectives
• Assurance that IT service management practices meet the organization’s objectives
• Assurance that an organization’s security architecture ensures confidentiality, integrity and availability of information assets
• Assurance that disaster recovery and business continuity plans will ensure timely resumption of IT services while minimizing the business impact


CISA Certification Current Facts

CERTIFIED PROFESSIONALS
• More than 48,000 CISAs worldwide
• HK – 1133; PRC – 405

EXAM
• Offered twice annually in June and December
• Offered in 11 languages, in 220+ locations
• In 2005, more than 30,000 candidates registered for the exam


CISAs by Area

• Oceania: 3%
• Central/South America: 2%
• North America: 49%
• Asia/Mid-East: 25%
• Europe/Africa: 20%


CISAs as our Current and Future Leaders

A current profile of CISAs demonstrates the increasing managerial influence and authority achieved by CISAs within their organizations:

• More than 1,000 CISAs are now employed in organizations as the chief executive officer, chief financial officer or an equivalent executive position.
• More than 2,300 serve as chief audit executives, audit partners or audit heads.
• More than 2,700 serve as chief information officers, chief information security officers, security directors, security managers or consultants.
• More than 4,000 serve as audit directors, managers or consultants.
• Nearly 8,000 additional CISAs are currently employed in managerial or consulting positions in IT operations or compliance.


CISA Record Growth

[Chart: CISA Record Growth, '98 to '05; vertical axis 0 to 40,000]

For the eleventh consecutive year registration for the CISA exam reached a new high.


CISA Exam: Some Statistics

                Jun/05                               Dec/05
                Candidates   Passers   Passing %     Candidates   Passers   Passing %
HK              539          260       48.24%        614          274       44.63%
PRC             313          47        15.02%        -            -         -
International   16,375       8,506     51.95%        11,527       -         -


Why Become A CISA?

• To fulfill a requirement of employment

• To advance in your career

• To demonstrate your willingness to improve your technical knowledge and skills

• To demonstrate to management your commitment toward organizational excellence

• To obtain credentials that employers seek

• To enhance your professional image

• To be included with other professionals who have gained worldwide recognition


CISA Certification: ANSI Accreditation

• The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certification programs.

• Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s essential requirements for openness, balance, consensus and due process.


Recent CISA Program Recognition – Top Pay

CIO Magazine, SC Magazine feature provocative Foote Partners pay research (New Canaan, CT, August 17, 2005)

Pay for auditing certifications such as the Certified Information Systems Auditor (CISA) will continue to be boosted by stiff compliance requirements and independent auditor control provisions.


Other CISA Program Recognition

• U.S. Department of Defense approved obtaining a CISA among the four approved baseline certifications for IT Assurance professionals at Level III
• U.S. Federal Reserve System requires IT Examiners to obtain a CISA
• Canadian Institute of Chartered Accountants (CICA) recognizes CISA as an IT assurance specialty
• The American Institute of CPAs waives all requirements to become a CITP to CPAs and CISAs in “good standing”
• Law in Korea requires that highly skilled professionals, such as CISAs, perform information system audit and security services
• The US Department of Veteran Affairs reimburses exam fees for the CISA exam
• The National Stock Exchange (NSE) of India recognizes the CISA designation as an integral facet of its system auditing guidelines.
• India’s National Information Security Assurance Program recognizes the CISA designation to assess the information security risks in public sector organizations
• Microsoft recognizes CISM as a part of its Infrastructure Security and Security Management specializations.


CISA Certification Requirements

• Passing score on CISA Exam
• At least five years of IS audit, control, assurance and/or security experience (substitutions available)
• Adherence to Code of Professional Ethics
• Minimum 120 contact hours of continuing education every three years


CISA Job Practice

• IS Audit Process – 10%

• IT Governance – 15%

• Systems and Infrastructure Lifecycle – 16%

• IT Service Delivery and Support – 14%

• Protection of Information Assets – 31%

• Business Continuity and Disaster Recovery – 14%


CISA Certification: New CISA Job Practice

2001-2005
• The Audit Process (10%)
• Management, Planning, and Organization of IS (11%)
• Technical Infrastructure and Operational Practices (13%)
• Protection of Information Assets (25%)
• Disaster Recovery and Business Continuity (10%)
• Business Application System Development, Acquisition, Implementation, and Maintenance (16%)
• Business Process Evaluation and Risk Management (15%)

2006-2010
• IS Audit Process (10%)
• IT Governance (15%)
• Systems and Infrastructure Lifecycle (16%)
• IT Service Delivery and Support (14%)
• Protection of Information Assets (31%)
• Business Continuity and Disaster Recovery (14%)


Types of Questions on the CISM and CISA Exams

• Each exam consists of 200 questions administered over a four (4)-hour period

• Questions are designed to test practical knowledge and experience

• All questions are multiple choice

• Questions require the candidate to choose one best answer

• Every question or statement has four options (answer choices)


Quality of the Exam

• Job Analysis Study: determines content
• Test Development Standards: ensures high standards for the development and review of questions
• Review Process: provides two reviews of questions by independent committees before acceptance into pool
• Periodic Pool Cleaning: ensures that questions in the pool are up-to-date by continuously reviewing questions
• Statistical Analysis of Questions: ensures quality questions and grading by analyzing exam statistics for each language


Administration of the CISA Exam

• Next exams:
  – 9 December 2006
  – 9 June 2007
• More than 220 test sites
• Offered in every city where there is an ISACA chapter or a large interest in individuals sitting for the exam
• Passing mark of 75 (scaled score)


2006 Registration Fees
Exam: 9 December, 2006

On or before 16 August 2006:
ISACA Member: US $340.00
Non-Member: US $460.00

After 16 August, but on or before 27 September 2006:
ISACA Member: US $390.00
Non-Member: US $510.00

Register Online
Online registration via the ISACA web site is encouraged, as candidates will save US $35. Non-members can join ISACA at the same time, which maximizes their savings.


Bulletin of Information and Registration Form

• Sent to potential candidates in ISACA database each year
• Can be downloaded from ISACA web site
• Additional copies provided to ISACA chapters

– Requirements for certification
– Exam description
– Registration instructions
– Test date procedures
– Score reporting
– Test center locations
– Registration form


Study Materials

ISACA Members | HKICPA/HKCS Members | Non-Members

Candidate’s Guide to the CISA Exam
  free to each paid registrant

CISA Review Manual 2006
  (US) $105   (US) $135
  (HK) $800   (HK) $900   (HK) $1,000

CISA Review Questions, Answers & Explanations Manual 2006
  (US) $100   (US) $130

CISA Review Questions, Answers & Explanations Manual 2006 Supplement
  (US) $40   (US) $60

CISA Review Questions, Answers & Explanations CD-ROM 2006
  (US) $150   (US) $180
  (HK) $1,200   (HK) $1,300   (HK) $1,400

Please contact our office for the purchase of the materials


How to Develop a CISA Study Plan

• A proper study plan consists of many steps
  – Self-appraisal
  – Determination of the type of study program
  – Having an adequate amount of time to prepare
  – Maintaining momentum
  – Readiness review


How to Study for the CISA Exam

• Read the Candidate’s Guide thoroughly
• Study the CISA Review Manual
• Work through the CISA Review Questions, Answers & Explanations Manual, Supplement and CD
• Participate in an ISACA Chapter Review Course
• Read literature in areas where you need to strengthen skills
• Spend time studying the complement of your field: If external auditor, study IS audit from the internal audit perspective and vice-versa
• Join or organize study groups


Application for Certification

• Sent to all who pass the exam
• Contains:
  – Requirements for certification
  – Code of Professional Ethics
  – Instructions for completion of form
  – Verification of work experience for applicant form
  – CISA application form


CISA Continuing Education Policy Details


Continuing Education Requirements

Certification is granted annually to those who:
• annually report a minimum of 20 hours of continuing professional education
• annually pay the continuing education maintenance fee
• comply with the ISACA Code of Professional Ethics
• report a minimum of 120 hours of continuing education for each fixed three-year period


ISACA Code of Professional Ethics

Members and ISACA certification holders shall:

• Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.

• Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards and best practices.

• Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.

• Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.


ISACA Code of Professional Ethics (cont’d)

Members and ISACA certification holders shall:

• Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.

• Inform appropriate parties of the results of work performed; revealing all significant facts known to them.

• Support the professional education of stakeholders in enhancing their understanding of information systems security and control.


CISA Review Course – 2006 for December

• Conducted by ISACA HK Chapter
• 10 weeks (Saturdays)
• 14:30-18:30
• Venue: To be advised
• Qualified Instructors (experienced CISAs and most are ISACA Directors and Committee members)
• Fees:
  – ISACA Members: HK$3,000
  – HKICPA/HKCS Members: HK$3,800
  – Others: HK$4,600


CISA Review Course – 2006 for December (Timetable – Tentative)

No.  Date       Topics                                                             %
1    02/Sep/06  Introduction, Exam Tactics
2    09/Sep/06  The IS Audit Process                                               10%
3    16/Sep/06  IT Governance                                                      15%
4    23/Sep/06  Systems and Infrastructure Lifecycle Management [PART 1]
5    14/Oct/06  Systems and Infrastructure Lifecycle Management [PART 2]           16%
6    21/Oct/06  IT Service Delivery and Support                                    14%
6    04/Nov/06  Protection of Information Assets [PART 1]
7    11/Nov/06  Protection of Information Assets [PART 2]                          31%
8    18/Nov/06  Business Continuity and Disaster Recovery                          14%
9    25/Nov/06  Exam Tactics, Wrap-Up, Presentation of Completion Certificate, Mock Test


Reminder

• Date of Exam Registration
  – Early Bird: 16 August, 2006
  – Final: 27 September, 2006
• Your Email Address must be written legibly
• Exam Language – English
• Your name must be completed in proper position
• Test results released to Local Chapter
• www.isaca.org/cisa


Want to know more?

Please contact us at:

CISA Coordinator:
Michael Huen
Rocky Ho

ISACA (Hong Kong Chapter)
Room B, 15/F
Yam Tze Commercial Building
23 Thomson Road
Wanchai, Hong Kong

Phone: +852 2528-3272
Fax: +852 2520-0069
E-mail: [email protected]

[email protected]

Web site: www.isaca.org.hk