Making the Mark: The Importance of Certification

John Lainhart recalled hearing what he describes as a “blood-curdling yell” while on the phone with Electronic Data Processing Auditors Association office manager Marian King. King was watching in amazement as a mailman dragged bags of certification applications to King’s home in suburban Chicago in June 1979 as the deadline neared for the grandfather provision of the organization’s first certification program. While that first certification’s name was later changed from Certified Data Processing Auditor to Certified Information Systems Auditor (CISA), and the name of the association itself later changed from EDPAA to ISACA, certification has been a cornerstone from the organization’s early days. “I wasn’t surprised in the interest,” said the late Lainhart, who then served as director of certification and later became board president. “But I certainly was surprised that two-thirds of the applications would come in the last two days [before the deadline].”

Not only has ISACA long provided the knowledge resources needed for its professional community to excel on the job, but also the credentials to demonstrate that capability to employers.

ISACA’s certification program has been a leading component in the organization’s global cachet, beginning with CISA. That credential reached its 40-year milestone in 2018, and has been regarded for decades as the globally accepted “gold standard” for IS audit, control and assurance professionals. More than 130,000 professionals have earned the CISA designation since its introduction in 1978.

CISA has achieved remarkable staying power, meriting SC Media’s Best Professional Certification Program designation in 2017 and ranking as the most popular cyber certification in all regions outside North America in the 2019 IT Skills and Salary Report conducted by Global Knowledge. It routinely ranks among various industry certifications lists for high pay and positioning credential-holders for success, while remaining a must-have credential in the eyes of hiring managers around the world.

“We desire our IT audit team members to have a CISA certification because we view members of ISACA and those certified by ISACA to be highly skilled and very qualified for our IT audit positions,” said Krysten McCabe, CISA, director of The Home Depot’s Assurance & Advisory Management Program.

ISACA’s credential portfolio has evolved as the organization has matured. The Certified Information Security Manager (CISM) certification was established in 2002; Certified in the Governance of Enterprise IT (CGEIT) was introduced in 2007; and Certified in Risk and Information Systems Control (CRISC) debuted in 2010. Each of the certifications has proven to be in hot demand among technology practitioners and their enterprises, with all four landing on Global Knowledge’s list of top-paying IT certifications for 2019.

Most recently, in response to a rising demand for skilled cybersecurity practitioners, ISACA introduced the CSX Practitioner (CSX-P) credential in 2015. CSX-P quickly made its mark as the first vendor-neutral, performance-based certification for cybersecurity professionals. The exam measures cybersecurity proficiency in a virtual lab environment using real-world scenarios.

Just as the exam content for ISACA’s certifications have continually been refreshed to keep pace with the evolving enterprise landscape, so to have exam delivery methods and accessibility. The CISA, CISM, CGEIT and CRISC exams are now administered via computer based testing, and exam testing windows and locations have greatly expanded.