Anyone can succeed with the right information and tools. One of the best ways for information systems professionals to ensure career success with all its attendant benefits is to earn ISACA's CISA certification. The CISA certification has made a tremendous difference in the lives of thousands of people across the globe. In fact, it is one of the certifications that will retain its relevance because of several drivers discussed below.
Increasing criticality of information. Decades ago, traditional assets like land, buildings, oil wells, gold and cash used to be the main considerations for businesses. In this century, it is possible to run a multi-million dollar business with a single laptop and internet connection. Data life cycle management has become extremely critical to the survival of businesses. For organizations regardless of size or geography, information is the business. Because of their expertise in the areas of IS audit, controls, assurance and security, CISA certification-holders will continue to be in demand, as they have been for the past 40 years.
Increased sophistication of cyberattacks. Denial of service, ransomware, phishing, spam, zero-day attacks and other threats are becoming rampant, causing extensive losses to individuals and businesses. Research has shown that businesses lose up to 5 percent of their annual revenue to fraud and irregularities. This reality is prompting many businesses to implement preventive controls by hiring CISA certification-holders to provide assurance on information security and risk management.
Improved governance awareness from boards of directors. ISACA frameworks such as COBIT, Val IT and Risk IT have borne considerable fruit as business leaders have become more open to the alignment of IT and the business. This commitment from boards of directors is making approval of funds and setup of assurance functions easier than before for many organizations.
Increasing pressure from the regulatory authorities. For many businesses, it is no longer business as usual. Regulators are coming up with stringent rules with dire consequences in cases of non-compliance. The Sarbanes-Oxley Act (SOX) changed the face of corporate reporting in the US, with ripple effects felt globally. More recently, this year, the General Data Protection Regulation (GDPR) began affecting businesses that process personal data of European customers. In order to ensure compliance, businesses will need the services of CISA certification-holders for implementation and audit of the processes.
Increasing relevance of standards and IT frameworks. Certifications and frameworks by bodies such as the International Organization for Standardization (ISO) are fast becoming tools for competitive edge. Globalization is shifting the advantage to the customers, who can be more discerning in their purchase decisions. ISO 27001, ISO 22301, ISO 20000, ITIL, COBIT 5, PCI DSS and other frameworks are being implemented as a result of regulatory directives and as an agent of differentiation. This trend is creating opportunities for CISA certification-holders, who are hired to implement and audit the related considerations.
Increasing disruptive trends in computerization. No slowdown in the pace of digital change is in sight. We are now talking of smart cities, e-government, blockchain technology, mobile banking, and so on. Artificial intelligence and robotics engineering are taking over the manufacturing and aviation sectors. The increased dependence on technology will ensure that CISA certification-holders continue to be needed for assurance and security functions. The certification is being updated to keep pace with the changing technology environment.
With all these benefits for CISA certification-holders, you should consider taking the CISA exam. Here is some guidance on approaching the exam:
Attend an online or classroom lecture. I am an advocate of learning from CISA veterans who can share their own academic and field “war stories.” Their experience can position you to pass with ease.
Master the knowledge statements. Every domain has task and knowledge statements. The task statements contain tasks you should be able to carry out at the end of the study. The knowledge statements contain knowledge you are supposed to have at the end of the study. After reading through a domain, review the knowledge statements to determine if you understand the required concepts. In order to ensure that you have mastered the concepts, read through the CISA Review Manual at least twice (I did it thrice).
Realize that the database is non-negotiable. It is difficult (perhaps impossible) to pass the CISA exam without effectively using the database. Read through the database at least twice. Do not cram the answers. Focus on the detailed justifications made in determining the correct answers.
Choose your answers using the elimination method. The greatest challenge with the CISA exam is that there are similarities among the answer options. This is where many candidates make wrong decisions. Do not just pick an option that “jumps” at you. Analyze each option carefully and justify its correctness or incorrectness based on your knowledge of CISA concepts.
Get practical IS audit experience. Having practical IS audit experience will help you to pass the CISA exam with ease. Arrange for a relevant internship, part-time work or full-time work. If this is not possible, interact with professionals, attend ISACA local chapter meetings/conferences and read articles written by IS audit veterans.
In conclusion, the CISA certification will open doors for global opportunities. Thousands of CISA-certified professionals all over the world will confirm to you that CISA is an investment worth making – perhaps now more than ever.