Information Systems Audit, Security and Control & The Certified Information Systems Auditor Program
- Krishnakant Duggirala
About the Author:
Krishnakant Duggirala is a B.Com, CISA and is presently employed with Ernst & Young International, Middle East Operations as Senior Consultant, and has been in the field of Information Systems Audit for 5 years. He is also a member of the Quality Assurance team of ISACA that is involved in the review and publication of the CISA technical review manual. He can be reached at kduggirala@email.com
Introduction:
Information Systems Audit essentially revolves around the review of automated Information Systems, the related infrastructure and the process of development of Information Systems (a.k.a. the Systems Development Life Cycle). The textbook definition of IS Audit is "any audit that encompasses the review and evaluation of all aspects (or any portion) of automated information processing systems, including related and non-automated processes and interfaces between them." In a sense the profession is similar to that of Chartered Accountants, though not entirely like them: as CISAs we are also required to conduct periodic audits, but unlike Chartered Accountants our area of review is Information Systems.
The need for CISAs (Certified Information Systems Auditors) is ever growing, what with the spread of Information Technology into our day-to-day life.
Who can conduct an IS audit…
An IS audit can be conducted by any person having a reasonably good understanding of the business processes involved, information processing systems, security, controls and a fair understanding of information technology. The individual can also acquire an internationally acclaimed certification called CISA (Certified Information Systems Auditor). There are currently 16,000 CISAs world-wide.
About the examination...
There is no pre-qualification required to take up this examination. The examination is conducted once a year, simultaneously in 90 countries and 340 centers in 7 languages across the world, by the Information Systems Audit and Control Association, Illinois USA, www.isaca.org. Candidates appearing for the examination are statistically ranked on a common platform and are awarded percentile points, and have to score a minimum of 75 percentile points to pass the exam. The examination is an objective type examination that lasts 4 hours and consists of 200 questions testing the candidate's knowledge of Security and Control concepts in Information Systems. The Association charges the candidates a testing fee that varies depending on whether or not the candidate is a member of the association. The fee structure is as follows:
Examination Fee:
US$ 295 for members
US$ 380 for non-members
The association charges US$100 per annum for the membership, apart from US$15 for membership of the local Chapter to which the candidate is affiliated. The Bangalore Chapter (www.isacabangalore.org) can be contacted for up-to-date information on the rates, which the association changes from year to year. There are about 7 to 8 local chapters in India; for a complete list with addresses and contact numbers please visit the www.isaca.org website and look under Asia in the chapters section. I would recommend taking up the membership, since the association provides the member with the IS Audit Journal, a bi-monthly publication that comes as good 'rare to find' reading material for all CISAs and CISA aspirants. The exam is conducted in Bombay, Delhi, Calcutta, Madras and Bangalore.
Study Material
Unlike other courses, the candidate has to purchase the study material and is not provided the same free of cost. The must-read material, in my limited opinion, is:
1) EDP Auditing - Conceptual Foundations by Ron Weber (one of the only textbooks available in India)
2) CISA Technical Review Manual - published by the association from year to year and costing roughly US$110 inclusive of postage
There are many other books referred to in the review manual which the candidate might want to buy from the association in the USA (since members can avail of discounted rates). The candidate must also peruse the candidate's guide to the examination, which is provided free of cost when he applies for the examination. This essentially gives you the direction to study and prepare for the examination. Additionally, I recommend that the candidate takes mock exams using the CISA Question and Answer manual, which contains close to 300-400 questions, since there is no concept of previous years' question papers in this program. The candidate can also attend classes conducted by the local chapter, which are generally taught by CISAs.
Some tips...
Though the examination does not require any pre-qualifications, I would suggest that the candidate acquires the following:
a) Some conceptual foundations of the prevalent technology, such as networking, the internet and e-commerce, to name just a few
b) A thorough understanding of the Systems Development Life Cycle and the role that the auditor plays in the same
c) Lastly, develop an aptitude for auditing if you do not already have one...