ISACA – Information Systems Audit and Control Association

- ISACA is an independent, nonprofit, global association that engages in the development, adoption and
use of globally accepted information system (IS) knowledge and practices.

- provides guidance, benchmarks and governance tools for enterprises that use information systems

- hosts a series of international conferences that focus on both technical and managerial topics relating
to IS assurance, control, security and IT governance

- also developed and continually updates COBIT, a business framework designed to help enterprises
across industries manage their information and technology

COBIT - Control Objectives for Information and Related Technology

- is a framework for developing, implementing, monitoring and improving information technology (IT)
governance and management practices

Principle 1: Meeting Stakeholder Needs

Principle 2: Covering the Enterprise End-to-End

Principle 3: Applying a Single, Integrated Framework

Principle 4: Enabling a Holistic Approach

Principle 5: Separating Governance From Management

Governance refers to oversight and decision-making related to strategic direction, financial planning,
and bylaws (the set of core policies that outline the organization's purpose, values, and structure).
Governance decisions should provide guidelines for management.

Management refers to the routine decisions and administrative work related to the daily operations of
the organization. Management decisions should support or implement goals and values defined by
governing bodies (such as the Board of Directors) and documents (such as the bylaws).

CISA – Certified Information Systems Auditor

- is a certification issued by ISACA for the people in charge of ensuring that an organization's IT and
business systems are monitored, managed and protected

- is a globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in
assessing vulnerabilities and instituting technology controls in an enterprise environment. It is designed
for IT auditors, audit managers, consultants and security professionals.

How to become CISA certified?

- CISA certification requires a minimum of 5 years of professional work experience in information
systems auditing, control or security.

- A maximum of 1 year of information systems experience or 1 year of non-IS auditing
experience can be substituted for 1 year of experience.

- Sixty (60) to 120 completed university semester credit hours (the equivalent of a 2 or 4-year
degree), not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years,
respectively, of experience.

- A bachelor's or master's degree from a university that enforces the ISACA-sponsored Model
Curricula can be substituted for 1 year of experience.

- A master's degree in information security or information technology from an accredited
university can be substituted for 1 year of experience.

- Two years as a full-time university instructor in a related field (e.g., computer science,
accounting, information systems auditing) can be substituted for 1 year of experience.

- In order to become CISA certified, applicants must pass the CISA examination with a score of 450 or
higher (scored on a scale of 200 to 800).

The CISA exam is four hours long and consists of 150 multiple choice questions set around five job
practice domains:

The process of auditing information systems.

Governance and management of IT.

Information systems acquisition, development and implementation.

Protection of information assets.

Information systems operations, maintenance and service management.

- The exam is administered in June, September and December in testing locations worldwide. Besides
English, it is also offered in other languages, including Chinese Mandarin Simplified, French, Japanese,
Korean and Spanish.

- After achieving CISA certification, CISAs must maintain it by undergoing 20 hours of training per year
and a minimum of 120 hours in a three-year period. This training is to ensure that CISAs stay up to date
and proficient in their fields.

- 50 percent passing rate every year
