CISA Study Plan – Prepare for the CISA Exam
The CISA (Certified Information Systems Auditor) certificate is renowned across the globe as a standard for business systems and information technology professionals who audit, monitor, access and control data. Being certified recognizes candidates for their professional experience, knowledge and skills, and for their expertise in managing vulnerabilities, instituting controls and ensuring compliance within the production. Here we provide a suggested CISA study plan for CISA students.
CISA Study Plan
Many professionals fail to pass the exam on their first attempt for a number of reasons, such as:
- Technical knowledge is important, but the ability to audit and manage IT security processes is a must to earn the CISA credential; hence professionals from a technical background sometimes struggle.
- At the other end, professionals from an accounting background are good in auditing areas but lack technical skills.
- A few professionals try their own approach to tackle the difficult questions instead of the standard ISACA approach.
Effective Approach to CISA Exam
A. Objective of CISA Exam
The CISA Exam Bulletin states that the CISA program is designed to assess and certify individuals in the IS Audit, control, assurance and security professions who demonstrate exceptional skill and judgement. The CISA exam is offered each year in June and December and consists of 200 multiple-choice questions, administered during a four-hour session. The purpose of the exam is to test a candidate’s knowledge, evaluation and application of IS audit principles and practices and six technical content areas covering IS Audit process, IT Governance, Systems and Infrastructure life cycle, protection of information assets and Business continuity and disaster recovery.
B. Understanding of Information Technology (IT)
The CISA exam questions are developed and maintained carefully to ensure they accurately test an individual's proficiency in IS audit, control and security practices. Hence, CISA candidates are expected to have a working knowledge of IT, auditing, control and security practices. The basic understanding of IT should cover the key concepts of the various components of Information Technology in their practical deployment. The IT knowledge should encompass an overall understanding of IT Infrastructure, IT Facilities, various types of Computer hardware, Systems Software (Operating System, Database, Networking, Multimedia, etc.), Business Application software, Office Automation Software and Audit Software. Further, candidates are expected to know the concepts and practice of Management as relevant to IT deployment in enterprises.
C. CISA Review Manual (CRM) – Basic reference material
CISA candidates are advised to read the CISA Exam Bulletin of Information to understand the details of the CISA exam. The Candidate's Guide to the CISA Exam must be read to understand the broad range of job/process content areas covered, including objectives, tasks and knowledge statements. The CRM elaborates on and covers the topics as per the job/process content areas, including task and knowledge statements. Candidates are advised to use the CRM as the basic guide for learning and to supplement it with additional material as required, based on their assessment of gaps and individual competency areas. The CRM is not expected to teach fundamental concepts of Information Technology; IT components are explained only to the extent required.
D. Conceptual Clarity
CISA candidates need to have conceptual clarity in the following key areas:
- Risks in the deployment and implementation of Information Technology.
- Appropriate risk management strategy for mitigating these risks.
- Security and controls, which need to be implemented for risk mitigation.
- Strategy, approach, methodology and techniques for auditing technology.
E. Need for working knowledge of IT
Candidates who are not well conversant with IT are advised to do a practical course on IT covering hardware, systems software, office automation, business applications and audit software. This is no substitute for working knowledge but would help familiarize candidates with IT in their practical deployment.
F. Getting CISA Perspective – practical approach
The overall understanding of a CISA candidate is expected to cover the related content areas as per the objectives, tasks and knowledge statements given in the Candidate's Guide to the CISA Exam. Primarily it encompasses three major disciplines – Information Technology, Management, and Auditing, control and security practices. CISA candidates may take the following approach to get the perspective of a CISA:
- Obtain an overall understanding of Information Technology – concepts and practice.
- Understand the risks of deployment of the relevant IT component.
- Know the features and functionalities of the security and controls of the IT component.
- Understand how controls could be implemented using the security features and functionalities so as to mitigate the risks in the relevant IT component.
- Learn how to audit IT components by understanding the risks, reviewing related security, evaluating implemented controls, identifying areas of weakness and providing appropriate recommendations to mitigate the control weaknesses.
G. Reference Material for CISA Exam
The CISA Review Manual (latest), as relevant to the exam, is the best reference material for the exam. This should be supplemented with other material as required. In addition, the CISA Questions, Answers and Explanations Manual or CD is an excellent reference point for practising questions. Read the articles in the IS Control Journal from the last two years. The COBIT control objectives can be read to understand controls for various IT processes. Answer the journal's CPE quiz.
| CISA Study Plan |
| Chapter | Sec 2 pages | Sec 1 pages | Total Pages | Required mins/pages | Total Required mins | In Hours | Exam % |
| If I spend 3 hours every day, then in days: | 22.22 |
| Pages | Required mins/Ques | Total Required Mins | In hours |
| If I spend 3 hours every day, then in days: | 9.17 |
CISA Study Plan | Approach to exam
- Remember that CISA is an objective-type exam and, just like any exam, it is not necessarily a reflection of your talent, capabilities, competencies or skill-sets. Hence, if you have not been or are not successful, you should not take it personally. There are times when senior and experienced professionals have failed the CISA exam not once but two to three times. It does not mean that they were not capable. It only means that they need to learn the knack of passing the exam. It is important to analyse what could have gone wrong and learn from it. It is quite possible that your current experience itself is becoming baggage. Think from a new perspective, focus now only on questions and answers, and read the topics where you need to.
- There are 200 questions to be answered in four hours. This means approx. 70 seconds per question. Some of the questions may be answerable within 30 seconds and some may take more time. Further, in some cases, if you get lost in too much thinking, you may lose track of time and may not have time to answer all questions. Hence, it is essential to manage your time in slots of one hour, or blocks of 50 questions. Depending on your progress, you can increase or decrease the pace as required.
- As part of your preparation, do discuss the questions and answers with an open mind. If you are an auditor, get the technology perspective, and if you are from IT, get the audit perspective. Remember that as an IS Auditor, you are expected to be auditing technology as deployed in the organisation.
- Familiarise yourself with the test. Know the tasks, knowledge and scope of the subject, the type of questions and the proposed answers. The key ideas to be remembered as an IS Auditor are IS Risks, IS Security, IS Control and IS Audit. You need to be well versed in these concepts. The questions may require you to grade the risks in terms of highest or lowest. In terms of security and controls, you may be required to pick the best or least effective controls in the context of the question. An IS Audit question may require your judgement in terms of concepts, practical procedures, risk ranking or presenting the findings to management. There may be a few questions which test your understanding of core technology, for example encryption, EDI, Internet security, telecommunications control, etc.
- The questions are not directly picked up from any text book or reading material but are prepared by Practising CISAs and are aimed to test your understanding of the concepts and practice of IS Audit.
- Learn to play the game of CISA. It is not just your knowledge but your ability to answer the questions which is very important. Most candidates who take the exam have most of the knowledge required to pass the CISA exam. You are possibly making the same mistake again and again because you are stuck in your approach. Hence, read the CRM afresh and answer the questions. Interact with other students and get your perspective right. If required, attend a CISA refresher course conducted by a nearby chapter. Identify where you are going wrong; otherwise you may commit the same mistakes again.