Page 1: Cisa Certification Overview

CISA CERTIFICATION: AN OVERVIEW

Presented by Md. Al Imran, M.Sc in MISS

CEH v8, ISO 27001 LA

Page 2

THE CISA CERTIFICATION

Certified Information Systems Auditor (CISA) is offered by the Information Systems Audit and Control Association (ISACA).

The CISA examination is open to all individuals; no prequalification or education is required to sit the exam.

CISA certification provides an avenue for gaining insight into the various aspects of information systems audit, security and internal controls.

CISA certification is a base requirement for an Information Systems Auditor.

Page 3

THE CISA CERTIFICATION

The CISA examination and subsequent certification equip the candidate with the knowledge required to:
- Conduct IS audits
- Frame security policies and procedures
- Implement security policies and procedures
- Manage information technology
- Direct and govern information technology

Page 4

CISA CERTIFICATION: ELIGIBILITY, REQUIREMENT, PROCESS

Required work experience
A minimum of 5 years of professional information systems auditing, control or security work experience.

The work experience for CISA certification must be gained:
- within the 10-year period preceding the application date for certification; OR
- within 5 years from the date of originally passing the exam.

Process
Complete and submit a CISA Application for Certification listing the details of professional experience in information systems auditing, control or security work.

Page 5

CISA CERTIFICATION: MAINTENANCE

- Minimum of 20 contact hours of CPE annually; and
- Minimum of 120 contact hours during a fixed 3-year period.

Page 6

CISA CERTIFICATION: EXAMINATION STRUCTURE

Number of questions
The exam is paper and pencil based. It consists of 150 multiple-choice questions (MCQs). There is no negative marking.

Duration of exam
4 hours (240 minutes), i.e. 1.6 minutes per question.

Passing score
To pass, a candidate must receive a scaled score of 450 or higher on the 800-point scaled score. A score of 450 represents a minimum consistent standard of knowledge.

Page 7

CISA CERTIFICATION: READING MATERIALS

- CISA Review Manual 2016/2015 (ISACA official publication)
- CISA Review Questions, Answers & Explanations Manual, 11th Edition (ISACA official publication)
- Additional resources from the Internet
- At least one mock test

Page 8

CISA CERTIFICATION: READING STRATEGIES

What I have followed:
- Reading the CISA Review Manual thoroughly (at least 2 times)
- Practicing the CISA Review Questions, Answers & Explanations Manual until the terms, language and concepts of the questions are understood
- Maintaining regularity
- Understanding the concept
- Please don't memorize anything; it will not work in the exam.
- Group discussion

Note: This method does not work for everyone, so judge for yourself what you like and go for that.

Page 9

QUESTIONS OVERVIEW

The document used by the top management of organizations to delegate authority to the IS audit function is the:

A. long-term audit plan.
B. audit charter.
C. audit planning methodology.
D. steering committee minutes.

Answer: B
Explanation: The audit charter outlines the overall authority, scope and responsibilities of the audit function to achieve the audit objectives stated in it. This document serves as the instrument for the delegation of authority to the IS audit function. Long-term audit planning relates to those aspects of the audit plan that are impacted by the organization's IT strategy and environment. Audit planning commences only after the audit charter has been approved by the highest level of management. The audit planning methodologies are decided upon based on the analysis of both long- and short-term audit issues. The steering committee minutes should record the approval of the audit charter, but they are not the instrument that delegates authority.

Page 10

QUESTIONS OVERVIEW CONTD.

To reduce the possibility of losing data during processing, the FIRST point at which control totals should be implemented is:

A. during data preparation.
B. in transit to the computer.
C. between related computer runs.
D. during the return of the data to the user department.

Answer: A
Explanation: During data preparation is the best answer, because it establishes control at the earliest point. A control total (record count, financial total or hash total) computed when the batch is prepared can be recomputed at every later stage and compared with the original, so a record lost or altered anywhere in transit or processing becomes detectable.
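As an added example (not part of the original slides), the following Python models the control totals the question refers to: the totals are computed once at data preparation, then recomputed at later stages and compared. It goes slightly beyond the question by using all three common kinds of total (record count, financial total and hash total), which shows why a hash total over a non-meaningful field is kept alongside the financial total. The batch records and the three "later stage" scenarios are constructed sample data; the Record and ControlTotals types are assumptions made for this example.

```python
"""Batch control totals established at data preparation and re-verified later.

Added example, not from the original slides. SAMPLE_BATCH and the scenarios in
demo() are constructed data; the record layout is an assumption for this example.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Record:
    account: int  # account number: a non-meaningful field, used for the hash total
    amount: int   # amount in cents: a meaningful field, used for the financial total


@dataclass(frozen=True)
class ControlTotals:
    record_count: int     # how many records the batch contained when prepared
    financial_total: int  # sum of the amount field
    hash_total: int       # sum of the account field (no business meaning, detects substitution)


def compute_control_totals(records: Iterable[Record]) -> ControlTotals:
    """Totals as the user department computes them when preparing the batch."""
    recs = list(records)
    return ControlTotals(
        record_count=len(recs),
        financial_total=sum(r.amount for r in recs),
        hash_total=sum(r.account for r in recs),
    )


def verify_batch(expected: ControlTotals, records: Iterable[Record]) -> List[str]:
    """Recompute the totals at a later stage and describe every mismatch.

    An empty list means the batch reached this stage intact.
    """
    actual = compute_control_totals(records)
    problems: List[str] = []
    if actual.record_count != expected.record_count:
        problems.append(f"record count {actual.record_count} != {expected.record_count}")
    if actual.financial_total != expected.financial_total:
        problems.append(f"financial total {actual.financial_total} != {expected.financial_total}")
    if actual.hash_total != expected.hash_total:
        problems.append(f"hash total {actual.hash_total} != {expected.hash_total}")
    return problems


# Constructed sample batch as prepared by the user department.
SAMPLE_BATCH = [
    Record(account=1001, amount=25_000),
    Record(account=1002, amount=7_500),
    Record(account=1003, amount=12_000),
]


def demo() -> Dict[str, List[str]]:
    """Check the same prepared totals against four versions of the batch."""
    totals = compute_control_totals(SAMPLE_BATCH)  # established at data preparation
    return {
        # Batch arrives unchanged: no discrepancies.
        "intact": verify_batch(totals, SAMPLE_BATCH),
        # Last record lost in transit: all three totals disagree.
        "lost_in_transit": verify_batch(totals, SAMPLE_BATCH[:-1]),
        # Amount of the first record altered: only the financial total disagrees.
        "amount_altered": verify_batch(totals, [Record(1001, 52_000)] + SAMPLE_BATCH[1:]),
        # Amount kept but posted to a different account: only the hash total catches it.
        "account_changed": verify_batch(totals, [Record(1004, 25_000)] + SAMPLE_BATCH[1:]),
    }


if __name__ == "__main__":
    for scenario, problems in demo().items():
        print(f"{scenario}: {problems or 'OK'}")
```

The "account_changed" scenario is the reason auditors expect a hash total in addition to a financial total: the record count and the money total are both unchanged, so only the total over the non-meaningful field reveals that the batch was altered after preparation.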

Page 11

QUESTIONS OVERVIEW CONTD.

Information for detecting unauthorized input from a terminal would be BEST provided by the:

A. console log printout.
B. transaction journal.
C. automated suspense file listing.
D. user error report.

Answer: B
Explanation: The transaction journal would record all transaction activity, which then could be compared to the authorized source documents to identify any unauthorized input. A console log printout is not the best, because it would not record activity from a specific terminal. An automated suspense file listing would only list transaction activity where an edit error occurred, while the user error report would only list input that resulted in an edit error.
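The comparison the explanation describes, journal entries matched against authorized source documents, as an added example that is not part of the original slides. It goes a little beyond the question: besides input with no authorizing document, the same pass flags an amount that differs from the approved one and a source document posted twice, and it groups findings by terminal, which is exactly the attribution a console log cannot give. The pipe-delimited journal format, the sample journal lines and the list of authorized documents are all constructed for this example.

```python
"""Reconcile a transaction journal against authorized source documents.

Added example, not from the original slides. SAMPLE_JOURNAL and
AUTHORIZED_SOURCE_DOCS are constructed data; the pipe-delimited journal
layout (timestamp|terminal|operator|source_doc|amount_cents) is an assumption.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Constructed journal: every transaction entered from every terminal.
SAMPLE_JOURNAL = """\
2016-03-01T09:01:12|T07|alice|SD-1001|25000
2016-03-01T09:03:40|T07|alice|SD-1002|7500
2016-03-01T09:10:05|T12|bob|SD-1003|12000
2016-03-01T09:11:51|T12|bob|SD-1003|12000
2016-03-01T09:15:27|T12|bob|SD-9999|99000
2016-03-01T09:20:00|T03|carol|SD-1004|4100
"""

# Constructed list of approved source documents: document number -> approved amount in cents.
AUTHORIZED_SOURCE_DOCS: Dict[str, int] = {
    "SD-1001": 25000,
    "SD-1002": 7500,
    "SD-1003": 12000,
    "SD-1004": 4000,
}


@dataclass(frozen=True)
class JournalEntry:
    timestamp: str
    terminal: str
    operator: str
    source_doc: str
    amount: int


@dataclass(frozen=True)
class Finding:
    entry: JournalEntry
    reason: str


def parse_journal(text: str) -> List[JournalEntry]:
    """Parse the pipe-delimited journal, skipping blank lines."""
    entries: List[JournalEntry] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, terminal, operator, doc, amount = line.split("|")
        entries.append(JournalEntry(ts, terminal, operator, doc, int(amount)))
    return entries


def reconcile(entries: List[JournalEntry], authorized: Dict[str, int]) -> List[Finding]:
    """Flag journal entries that no authorized source document accounts for.

    Three failure modes are detected: no authorizing document at all, an amount
    that differs from the approved one, and a document posted more than once.
    """
    findings: List[Finding] = []
    posted = set()
    for e in entries:
        approved = authorized.get(e.source_doc)
        if approved is None:
            findings.append(Finding(e, "no authorizing source document"))
        elif e.amount != approved:
            findings.append(Finding(e, f"amount {e.amount} differs from approved {approved}"))
        elif e.source_doc in posted:
            findings.append(Finding(e, "duplicate posting of source document"))
        posted.add(e.source_doc)
    return findings


def findings_by_terminal(findings: List[Finding]) -> Dict[str, List[str]]:
    """Attribute findings to the terminal that entered them (what a console log cannot do)."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for f in findings:
        grouped[f.entry.terminal].append(f"{f.entry.source_doc}: {f.reason}")
    return dict(grouped)


if __name__ == "__main__":
    found = reconcile(parse_journal(SAMPLE_JOURNAL), AUTHORIZED_SOURCE_DOCS)
    for terminal, reasons in findings_by_terminal(found).items():
        print(terminal, reasons)
```

Note that none of the three flagged entries would necessarily fail an edit check (the amounts are well-formed), so they would not appear in a suspense file or a user error report; only the journal, compared with the approved documents, exposes them.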


Page 13

QUESTIONS OVERVIEW CONTD.

The MOST effective way to ensure that outsourced service providers comply with the organization's information security policy would be:

A. service level monitoring.
B. penetration testing.
C. periodic auditing.
D. security awareness training.

Answer: C
Explanation: Regular audits can identify any gap in compliance with the information security policy. Service level monitoring can only pinpoint operational issues in the organization's operational environment. Penetration testing can identify security vulnerabilities but cannot ensure compliance with the policy. Training can increase users' awareness of the information security policy, but it is not more effective than auditing.

Page 14

QUESTIONS OVERVIEW CONTD.

A project manager of a project that is scheduled to take 18 months to complete announces that the project is in a healthy financial position because, after 6 months, only one-sixth of the budget has been spent. The IS auditor should FIRST determine:

A. what amount of progress against schedule has been achieved.
B. if the project budget can be reduced.
C. if the project could be brought in ahead of schedule.
D. if the budget savings can be applied to increase the project scope.

Answer: A

Page 15

QUESTIONS OVERVIEW CONTD.

Explanation: Cost performance of a project cannot be properly assessed in isolation from schedule performance. Cost cannot be assessed simply in terms of elapsed time on a project. To properly assess the project budget position it is necessary to know how much progress has actually been made and, given this, what level of expenditure would be expected. It is possible that project expenditure appears to be low because actual progress has been slow. Until the analysis of the project against schedule has been completed, it is impossible to know whether there is any reason to reduce the budget. If the project has slipped behind schedule, then not only may there be no spare budget, but extra expenditure may be needed to recover the slippage. The low expenditure could actually indicate a project that is likely to miss its deadlines rather than one that will come in ahead of time. If the project is found to be ahead of budget after adjusting for actual progress, this is not necessarily a good outcome, because it points to flaws in the original budgeting process; and, as said above, until further analysis is undertaken, it cannot be determined whether any spare funds actually exist. Further, if the project is behind schedule, then adding scope may be the wrong thing to do.