ISACA CISA - 12 USEFUL TIPS FOR CERTIFICATION

That's it, have you decided to take the exam to obtain the CISA certification? You know, however, that the pass rate for the exam is not very high while the price is rather high. Despite this, the appeal of this certification, which is among the most sought after by companies and among the highest paid certifications, has convinced you. Welcome to the club!!! Now you are trapped. In addition, you are condemned to pass the exam so as not to lose your registration fees. We will try to help you with some practical advice. Why try the CISA? The world of information systems auditing has grown at breakneck speed in recent years. As a result, the demand for IS auditors and security professionals has exploded. Recently, the scope for CISA certified professionals has widened, encouraging more security professionals to take CISA certification. The result is therefore a sharp increase in demand for CISA holders. Most central banks and financial institutes around the world have started hiring CISA certified professionals to perform effective security audits. This is accompanied by a corresponding increase in wages. The salaries of CISA holders are among the highest in the field of security. This is also true of the entire IT industry in general. Today, more than 125,000 professionals worldwide have passed this certification. Among them, nearly 3,000 are members of a management committee (DG, DAF or equivalent) . CISA certification is required as a pre-requisite to be hired by the largest international audit firms. Perhaps these are the reasons that influenced your decision? On the other hand, no need to deceive yourself, your probability of passing the exam, without prior preparation, remains extremely low. CISA, a certification difficult to obtain The CISA exam is known to be difficult. As a result, it has a fairly low success rate. ISACA, the body that administers the exam, has stopped publishing information on pass rates in recent years. However, the feedback from the candidates, after receiving their results, shows an overall success rate of around 40 to 50%. This rate also depends on the regions of the world. What makes exam and certification so difficult? The question comes up often: Why is the CISA exam so tough? Here are some answers: The CISA is now an electronic format exam. It consists of 150 questions over a period of four hours. Unlike most specific certification exams from other vendors (ITIL, PRINCE2, DEVOPS, ISO 27001, etc.) the very nature of CISA means that candidates with little or no experience are quickly challenged. Indeed, one of the peculiarities of the exam is that it does not only test knowledge. The questions relate to an operational context. What we are testing is your ability to complete a task. No explicit pre-requisites are required by ISACA to take the exam . This means that many "casual" candidates from a wide variety of backgrounds (IT specialists, accountants, auditors, security professionals and many more) register for the exam, thereby creating artificial competition. . The wording of the questions is often ambiguous and subjective. Many candidates complain about the sample questions offered by ISACA. They find them too vague and not always relevant compared to the actual written exam. This is a hallmark of ISACA. We must put ourselves in the reasoning mode of the authors of the review. The emphasis is often on learning and memorizing vocabulary. A recurring remark from the candidates concerns this point. The CISA exam questions require a perfect knowledge of specific IS security vocabulary. This is one of the difficulties of this ordeal Why such a high failure rate? The examination is much less difficult than is usually perceived. Yet thousands of candidates fail on their first attempt. Experts identify a whole host of reasons. Candidates with technical or technological backgrounds often come up against the concepts of governance and auditing. While technical know-how is important, the ability to audit and manage security processes is absolutely fundamental to CISA. On the other hand, candidates from the world of auditing and accounting have great difficulty with the technical aspects of the exam which are quite specific on certain subjects. Students from these fields should better understand the basic concepts and objectives of the study program. Many experienced candidates persist in using their own approach to tackling difficult exam questions and scenarios, refusing the standard approach advocated by ISACA. So how do you prepare for the CISA exam? Now let's move on to practical advice. Here are the most important points  to keep in mind before you start  your preparation for the CISA exam. 1. Study the CISA Review Manual religiously. ISACA offers the CISA Review Manual (CRM) which serves as a unique and comprehensive guide for the exam. It is the reference book designed to guide candidates for the CISA. It provides all the details relating to the exam as well as the definition of the roles and responsibilities of an information systems auditor. Overall this manual is the best self-study guide for CISA certification aspirants. It is recommended that you read it thoroughly at least twice before taking the exam. Note however its size (over 500 pages) and its austere presentation to say the least. If you're a comic book lover, you've clearly got the wrong section! This manual exists in several languages ​​including English and French. 2. Intensely practice the preparation database questions Practicing the review questions is absolutely mandatory if you want to pass the exam. The Exam Question Database offered by ISACA is an interactive and comprehensive online resource of 1000 practice questions with answers and explanations. 12-month access to the database is available for $ 299 (for members) and $ 349 (for non-members). Be careful however, there is no French version. Prospective applicants can use the sample questions and answers to gain a better understanding of difficult concepts and topics to improve the level of their preparation. These exam questions and answers are designed to provide an overview of the CISA exam. The question and answer database is updated in line with the changing world of security auditing.  3. Think like an auditor or an accountant would The very nature of the exam requires that you think like a computer auditor or even an accountant. Don't think like a candidate for an exam. The reason? Because the emphasis is on real-world applications, you need to emphasize your skills in making the right decisions based on scenarios. When faced with hypothetical problems, you must learn to manage, evaluate and prioritize multiple tasks in order to create a profit. 4. Make the best use of ISACA's free resources The ISACA website offers a variety of royalty-free resources that are helpful in preparing for the exam. Here are some of them with the links to access them. The IT Systems Audit Framework (ITAF) provides a set of reference guides on the subject and is widely regarded as the standard. The Information Guide for candidates for the ISACA exams  (available in French). The CISA self-assessment test consists of 50 exam questions in English. The ISACA knowledge base where you can discuss in forums and download many articles and white papers that are very useful in your preparation. The CISA Glossary of Terms helps you familiarize yourself with technical IS security terms as well as exam acronyms. 5. Put CISA related blogs and articles on your reading list Applicants can also take advantage of other blogs and a large number of articles available online. They can help candidates better tackle questions from recently updated knowledge areas. Some blogs maintained by regular contributors are also a set of resources not to be overlooked. And, among these are the blogs of ISACA and that of SPOTO. If you find a site particularly interesting for candidates, you can share it by sending us a comment which we will be happy to publish. 6. Practical audit experience is important To successfully complete your CISA certification, practical experience in IT Security is an extremely useful addition. Although similar to financial or asset audits, information system audits have a very different scope. They mainly deal with information. A CISA candidate must have a clear idea of ​​business processes. In addition, he must be familiar with the definition of the scope, the planning of the audit and the audit reports. Simple experience of Information Security processes will be of great help. When possible, approach IT audit professionals or the information security department in your current organization. Take this opportunity to familiarize yourself with the roles, responsibilities and daily activities involved in CISA. Also, don't forget to inform yourself about other security activities. 7. Plan your preparation seriously Managing your learning time and properly allocating time by subject area is essential to pass the exam. Are you a professional in the field? So plan to start your preparation 3 to 5 months before the exam. Plan to devote at least 1 to 2 hours of study on a regular basis (daily or 3 times per week). In addition, we recommend that you adapt your preparation according to your professional background and your level of experience:  IT auditor with a lot of experience : 30 to 45 days of preparation based on the CISA preparation manual and exam questions with answers and explanations. Plan to review all areas. Audit professional with some experience : Allow at least 90 days of preparation based on the CISA preparation manual and exam questions with answers and explanations. Focus on areas of technology. Candidate with no real experience in the fields covered by the CISA : allow at least 180 days of preparation using all the available resources. Do not neglect any of the areas. Our experienced CISA trainers advise you to break down your preparation time as follows: 35 to 45% on the manual, 15 to 20% on coaching, and finally 35 to 40% on simulation exams and practice tests. 8. Be adaptable, keep an open mind In CISA, if I had to give you just one piece of advice, it would be to unlearn what you have learned. It's almost as important as learning the actual content of the concepts to remember for the exam. The IT industry is dynamic and constantly changing. So are the principles and techniques of auditing information systems. While preparing for and taking the exam, it is vital to keep an open mind, receptive to new and innovative ideas, and a neutral stance on developments that appear to go against the established norm. The CISA manual is kept up to date with all of these changes. Therefore, studying the manual in depth is an essential first step in your preparation. 9. Learn to manage your exam time As with other exams, success on the CISA is also dependent on how well and effectively you manage your time. A common comment from candidates who failed the exam indicates a lack of time to complete all of the questions. This results in poor time management in answering all questions. By reviewing previous years' question papers and practice exams, you need to design a passing strategy with estimates of how much time to spend per question and per. domain, so that you can answer all the questions. After all, what is expected of a CISA certified is to be able to make quick, pragmatic and efficient decisions. Managing your exam time to maximize your score is the first building block. 10. Participate in discussion groups and forums Candidates can join discussion groups and forums to interact with other candidates and certified. There are several CISA certification discussion forums on the web. These platforms can provide you with both theoretical and practical knowledge on IS auditing. They help to improve the understanding of concepts and their application in the real world. 11. Take a CISA exam preparation workshop A number of accredited training organizations like SPOTO offer CISA preparation workshops in the form of face-to-face sessions or online courses. Registration for and participation in a well structured and comprehensive CISA training course is highly desirable. A training session consists of presentations by experts and class discussions. Interacting with experienced security professionals from various parts of the world is an exceptional asset in leading you to success. Leader in professional IT certification training SPOTO offers face-to-face CISA preparation sessions, aligned with the exam requirements. They are always run by internationally recognized professionals. ISACA also offers revision courses for candidates who have registered for the exam. If you find individual learning difficult given your professional and personal constraints, you can participate in a review session offered by one of the ISACA chapters. For more information, visit the ISACA website.  12. Adapt your reasoning to ISACA's way of thinking Particularly for candidates taking the CISA exam in a language other than their native language, some questions can be confusing. Open-ended MCQs and the case study usually present subjective choices. They often use verbal reasoning to deduce expectations and arrive at the right answers. Do you feel that your verbal reasoning skills are not quite up to par? Then you will definitely benefit from taking an exam preparation workshop. In conclusion It is clearly a difficult examination. But, with good planning, hard work, and good advice, success on the first attempt is very much possible. If you follow the tips in this article and design a preparation plan to suit your own specific needs, the exam is within your reach. And you, how did you prepare for your exam? Did you have any difficulties? What advice would you give to new applicants? How do you rate this certification? Thank you for giving us your opinion in the comments. This will surely help a lot of applicants to prepare better. Have you passed your CISA certification? Please feel free to share the good news on this blog. You may then be asked to share your experience with other candidates ...