在上文《內部審計介紹之二: 專業要求CIA》中提到, 要成為一位內部審計師, 專業會計資格是不可缺少, 如果能擁有Certified Internal Auditor (CIA)及Certified Information System Auditor (CISA)就更好。
CISA是由 Information Systems Audit and Control Association(ISACA)所頒發, 和CIA一樣, CISA所學的與實際工作上遇到的沒有分別, 所以對現職內審的人來說考這個試並不太難, 不過考CISA需要有一定的IT知識, 如果本身並不是IT出身, 考CISA會有些難度。ISACA每年會刊印一本CISA考試手冊(CISA exam review manual), 內容涵蓋了所有考試的範圍, 但單單溫習這本手冊還不足夠, 還要閱讀ISACA的期刊及一些相關的文章。以我為例, 我是會計出身, 讀書時只修讀過幾門IT相關的課程, 對IT不太熟悉, 所以應考CISA前我花了一年時間準備, 包括報讀ISACA香港分會所舉辦的考試研習班, 溫習考試手冊(由頭到尾至少溫習了三次), 閱讀期刊及相關文章, 一旦有不明白的地方就向IT同事請教, 問到明白為止, 臨考之前就試做了過去多年的考試題目, 最後成功一次過關。
CISA考試是以選擇題作答, 根據現在的機制, 試題總共有200條, 但每條問題的分數並不一樣, 800分滿分, 考獲450分或以上為合格。考試合格后, 加上五年的相關IT審計經驗就可以申請成為CISA。CISA考試的詳情:
http://www.isaca.org/Template.cfm?Section=CISA_Certification&CONTENTID=20450&TEMPLATE=/ContentManagement/ContentDisplay.cfm
補充一下, CISA考試可以選擇中文試卷, 但我個人並不鼓勵這樣選擇, 因為其專有名詞的翻譯跟我們香港慣用的不盡相同, 可能會因此影響考試的成績。
&&&&&&&&
哈哈講起中文卷,你有冇見過CMA(US)份中文版本?簡直令人抱頭痛哭以為拿錯九陰真經最後一段! XD
回覆刪除(CMA真係唔明中國人心態,出中文卷唔會幫到佢打入中國市場只會令中國人覺得佢降左格!)
若缺齋老人兄, 謝謝你的支持. 其實我也問過ISACA香港分會為什麼試卷翻譯得那麼差,他們說知道有這問題,而且在很早以前已向總會反映,但因總會資源有限,而且翻譯是在美國做的,總會都不知道翻譯出來的結果是這樣.希望他們日後有所改善吧.
回覆刪除Bittermelon, 小弟是做Operational audit,而小弟公司的IS AUDIT已有另一條Team 的同事負責,根本不會有機會接觸IS audit, 那考CISA是否有用呢? 更可況CISA 要求除了考試成功外,還要有數年有關工作經驗才能獲取CISA的資格...
回覆刪除Hi匿名, 如果你對IS audit有興趣,可以試一下和你的上司說一下,安排你借調到那一邊幫忙,而且audit多是project basis,應該不太難吧.當然,只是有興趣還不夠,你至少也要具備一定的知識,否則不單只幫忙不到,而且可能會幫倒忙呢.
回覆刪除Hi Bittermelon, I am wondering whether CISA qualification is deemed to be a "must have" or "nice to have" qualification for the position of Chief Audit Executive. I have been working in both external and internal audit for about 12 years and currently being promoted to CAE with a retail company. I am a traditional internal auditor with an accounting and a MBA degree, a CPA(Aust) and CIA as well. In a word, do u think I must pursue the CISA qualification for upholding the status and sustainability in the internal audit field? Many thanks for your advice and assistance.
回覆刪除Hi Anonymous,
回覆刪除As you are CAE already, CISA is a "nice to have" qualification to you. I think the most important thing is whether you are familiar with the IT audit approach but not the qualification itself. If you are familar with such approach already, I don't think CISA is a must. However, if you want to acquire such knowledge, CISA is a good way.
Hope that my view do help.
Regard,
Bittermelon
Hi Bittermelon, the CAE again. The worst thing is I haven't any IT audit experience throughout my career, will CISA then give me some help under this situation? Also, even if I pass the exam but without the relevant experience, I cannot acquire the membership in that way. BTW, what is the core knowledge inside CISA, something about IT security? Thanks again.
回覆刪除Hi CAE,
回覆刪除Yes, CISA qualification can help you. Actually, CISA is not that "technical" in eyes of IT personnel. It is good for a layman like us (i mean CPA).
As you are CAE, once you know the IT audit approach, you can schedule some IT audit reviews in your audit plan. Thought this IT audit reviews, you can get relevant experience to get the membership.
For more information about CISA especially the syballus, please refer to the ISACA website.
Please let me know if you have further questions.
Bittermelon^^
Hi Bitterlemon,
回覆刪除I'm a fresh grad and just got an offer from one of the Big 4 in the department of IT Audit. What do you think about starting my career in this perspective? I have little IT background and i am quite concern about the future of it...thanks..
Alchemist
Hi Alchemist,
回覆刪除IT audit is a profession with good prospect in HK and Mainland China. Big 4 IT audit is a good start for this career. However, one thing you should consider is whether you really have interest on it. If you want to know more about this career, i suggest you can search the ISACA website.
Hi, bittermelon!
回覆刪除I'm in IT field for 10 years, with PMP(project mgmt) and CISSP(security system) certification, MBA. Currently, I'm an IT manager and would like to take the CISA exam to broaden my IT audit knowledge. I think CISA would give me more specific but professional path in IT career, rather than my current wide spectrum of IT knowledge. I'm interested in mgmt but not very technical in depth in IT while I like to learn something in procedural or methodologis for mgmt planning. Do you think CISA might help? Thanks.
Hi Anonymous,
回覆刪除As i'm not familiar with the IT profession, so i'm not able to give comment whether CISA is useful for IT career. However, some of my friends working in IT field is eager to take CISA exam, they said this qualification can enhance their IT knowledge especially in IT auditing and IT governance.
Hope this help.
Dear Bittermelon,
回覆刪除I have been working in the IA field for 7 years and I want to take the CISA exam. However, in order to get the 5 years relevant experience for certification, could I know whether my IA work experience can count? Actually, my work mainly related to operations review.
Thanks!
KS
Hi KS,
回覆刪除In your audit experience, are there any tasks / assignments which were in relation to IS auditing? Anyway, here is that CISA application form. Description of CISA Job Practice Areas are listed in page 7. If you had been working in those areas, you are eligible to apply CISA.
http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Apply-for-Certification/Documents/Application-form-download.pdf
Hope this help.
Thanks Bittermelon,
回覆刪除I read over the form and its seems have a very detailed requirements. In my audit assignments, IS audit is only partially involved e.g. reviewing access rights, interfaces, or data integrity etc. Would that be enough?
Could you share how could you get the experience required for CISA certification as an Finance IA?
KS
Hi KS
回覆刪除Would you mind send me an email at bittermelon2009@gmail.com?
你好呀,有間公司請我做IA既小薯仔,咁我本身做marketing既,如果由0開始,想考CPA, CIA, CISA分別要準備幾年左右?今年28, 會唔會太遲入行?求意見,謝謝你。
回覆刪除匿名君, 有心唔怕遲嘛. 由於你以前未做內審,而且也非會計出身,建議你先考取CIA邊學邊做.完成後在考取CISA和CPA.
回覆刪除希望幫到你.
Hello, Bittermelon, 我只有3年External Audit 經驗,請問我符合資格考CISA嗎?
回覆刪除還有,關於簽經驗,請問我可以找誰去簽經驗?