Bittermelon 苦中作樂: 內部審計介紹之三: 專業要求CISA

2009年2月10日星期二

內部審計介紹之三: 專業要求CISA

在上文《內部審計介紹之二: 專業要求CIA》中提到, 要成為一位內部審計師, 專業會計資格是不可缺少, 如果能擁有Certified Internal Auditor (CIA)及Certified Information System Auditor (CISA)就更好。

CISA是由 Information Systems Audit and Control Association(ISACA)所頒發, 和CIA一樣, CISA所學的與實際工作上遇到的沒有分別, 所以對現職內審的人來說考這個試並不太難, 不過考CISA需要有一定的IT知識, 如果本身並不是IT出身, 考CISA會有些難度。ISACA每年會刊印一本CISA考試手冊(CISA exam review manual), 內容涵蓋了所有考試的範圍, 但單單溫習這本手冊還不足夠, 還要閱讀ISACA的期刊及一些相關的文章。以我為例, 我是會計出身, 讀書時只修讀過幾門IT相關的課程, 對IT不太熟悉, 所以應考CISA前我花了一年時間準備, 包括報讀ISACA香港分會所舉辦的考試研習班, 溫習考試手冊(由頭到尾至少溫習了三次), 閱讀期刊及相關文章, 一旦有不明白的地方就向IT同事請教, 問到明白為止, 臨考之前就試做了過去多年的考試題目, 最後成功一次過關。

CISA考試是以選擇題作答, 根據現在的機制, 試題總共有200條, 但每條問題的分數並不一樣, 800分滿分, 考獲450分或以上為合格。考試合格后, 加上五年的相關IT審計經驗就可以申請成為CISA。CISA考試的詳情:
http://www.isaca.org/Template.cfm?Section=CISA_Certification&CONTENTID=20450&TEMPLATE=/ContentManagement/ContentDisplay.cfm
補充一下, CISA考試可以選擇中文試卷, 但我個人並不鼓勵這樣選擇, 因為其專有名詞的翻譯跟我們香港慣用的不盡相同, 可能會因此影響考試的成績。

&&&&&&&&

12 comments:

若缺齋老人/陳潢提到...: 哈哈講起中文卷,你有冇見過CMA(US)份中文版本?簡直令人抱頭痛哭以為拿錯九陰真經最後一段! XD

(CMA真係唔明中國人心態,出中文卷唔會幫到佢打入中國市場只會令中國人覺得佢降左格!); 2009年2月10日下午5:19
Bittermelon 提到...: 若缺齋老人兄, 謝謝你的支持. 其實我也問過ISACA香港分會為什麼試卷翻譯得那麼差,他們說知道有這問題,而且在很早以前已向總會反映,但因總會資源有限,而且翻譯是在美國做的,總會都不知道翻譯出來的結果是這樣.希望他們日後有所改善吧.; 2009年2月11日上午8:50
匿名提到...: Bittermelon, 小弟是做Operational audit,而小弟公司的IS AUDIT已有另一條Team 的同事負責,根本不會有機會接觸IS audit, 那考CISA是否有用呢? 更可況CISA 要求除了考試成功外,還要有數年有關工作經驗才能獲取CISA的資格...; 2009年2月21日下午9:56
Bittermelon 提到...: Hi匿名, 如果你對IS audit有興趣,可以試一下和你的上司說一下,安排你借調到那一邊幫忙,而且audit多是project basis,應該不太難吧.當然,只是有興趣還不夠,你至少也要具備一定的知識,否則不單只幫忙不到,而且可能會幫倒忙呢.; 2009年2月23日上午8:46
匿名提到...: Hi Bittermelon, I am wondering whether CISA qualification is deemed to be a "must have" or "nice to have" qualification for the position of Chief Audit Executive. I have been working in both external and internal audit for about 12 years and currently being promoted to CAE with a retail company. I am a traditional internal auditor with an accounting and a MBA degree, a CPA(Aust) and CIA as well. In a word, do u think I must pursue the CISA qualification for upholding the status and sustainability in the internal audit field? Many thanks for your advice and assistance.; 2009年12月29日上午10:51
Bittermelon 提到...: Hi Anonymous,

As you are CAE already, CISA is a "nice to have" qualification to you. I think the most important thing is whether you are familiar with the IT audit approach but not the qualification itself. If you are familar with such approach already, I don't think CISA is a must. However, if you want to acquire such knowledge, CISA is a good way.

Hope that my view do help.

Regard,

Bittermelon; 2009年12月29日下午2:14
匿名提到...: Hi Bittermelon, the CAE again. The worst thing is I haven't any IT audit experience throughout my career, will CISA then give me some help under this situation? Also, even if I pass the exam but without the relevant experience, I cannot acquire the membership in that way. BTW, what is the core knowledge inside CISA, something about IT security? Thanks again.; 2009年12月29日下午2:47
Bittermelon 提到...: Hi CAE,

Yes, CISA qualification can help you. Actually, CISA is not that "technical" in eyes of IT personnel. It is good for a layman like us (i mean CPA).

As you are CAE, once you know the IT audit approach, you can schedule some IT audit reviews in your audit plan. Thought this IT audit reviews, you can get relevant experience to get the membership.

For more information about CISA especially the syballus, please refer to the ISACA website.

Please let me know if you have further questions.

Bittermelon^^; 2009年12月29日下午5:58
the Alchemist 提到...: Hi Bitterlemon,

I'm a fresh grad and just got an offer from one of the Big 4 in the department of IT Audit. What do you think about starting my career in this perspective? I have little IT background and i am quite concern about the future of it...thanks..

Alchemist; 2011年1月11日下午9:07
Bittermelon 提到...: Hi Alchemist,
IT audit is a profession with good prospect in HK and Mainland China. Big 4 IT audit is a good start for this career. However, one thing you should consider is whether you really have interest on it. If you want to know more about this career, i suggest you can search the ISACA website.; 2011年1月12日上午11:37
匿名提到...: Hi, bittermelon!
I'm in IT field for 10 years, with PMP(project mgmt) and CISSP(security system) certification, MBA. Currently, I'm an IT manager and would like to take the CISA exam to broaden my IT audit knowledge. I think CISA would give me more specific but professional path in IT career, rather than my current wide spectrum of IT knowledge. I'm interested in mgmt but not very technical in depth in IT while I like to learn something in procedural or methodologis for mgmt planning. Do you think CISA might help? Thanks.; 2012年4月24日上午2:03
Bittermelon 提到...: Hi Anonymous,
As i'm not familiar with the IT profession, so i'm not able to give comment whether CISA is useful for IT career. However, some of my friends working in IT field is eager to take CISA exam, they said this qualification can enhance their IT knowledge especially in IT auditing and IT governance.

Hope this help.; 2012年4月24日上午8:19

張貼意見

訂閱：張貼意見 (Atom)

Bittermelon 苦中作樂

2009年2月10日星期二

內部審計介紹之三: 專業要求CISA

12 comments:

LinkWithin

熱門文章