It’s that season again, and auditors are starting to think about the next step in their careers. Many started the new year with resolutions, including educational goals. For an auditor, one of the educational eventualities that all auditors must eventually face is, is this the year I should become CISA certified?
ISACA only offers the exam twice a year, once in June and once in December each year. So taking the exam requires a little planning. If you’re one of those people that’s considering the exam this year, I have some advice for you. I’ve been teaching a CISA preparation class that I authored for the SANS Institute since 2005, and in all these classes I’ve taught, we’ve only ever had one student fail the exam. That being said, I have some advice for those of you considering taking the exam that I hope will help you to prepare and meet your educational resolutions!
1. Start Planning Now. You can’t wait until May and then expect to pass the exam. First of all, registrations for the exam are cutoff in April. That means you have to at least sign up for the exam two months in advance. If you don’t sign up I guarantee you won’t pass the exam. Once you’ve signed up for the exam, the second part of this step is to make yourself a training schedule and stick to it. Don’t underestimate the power of a good project plan for passing the exam!
2. Digest the ISACA Review Manual. You have to plan on reading the Review Manual from ISACA for the year you take the exam. Don’t bother with any other books or websites. This is the authoritative material that the exam questions are based on. Focus your time on this book, read it cover to cover, and make sure you understand everything inside. How easy is that?
3. Attend an In-Depth Review Course. There are a lot of courses out there run by volunteers, especially local ISACA chapters, that are trying to help their members with study sessions. These classes can be good refreshers, but make sure you know, they’re just that refreshers run by good hearted volunteers. If you take a short review class, bootcamp, or try to prepare on your own make sure you know, you will have to spend a lot more time preparing for the exam on your own. If your self motivated, these methods will work. But if you need structure to help you with your goals, consider signing up for a course that will help mentor you through the materials from start to finish and that won’t assume you already know the information.
4. Start Thinking Like an Accountant. This is one of the best pieces of advice you can get when you’re preparing for the exam. Remember, most of the people who wrote the CISA exam are either accountants or work in the financial services industry. They think like accountants. They don’t think like technology geeks or infosec professionals. Start to ask yourself the question, how would an accountant think about this question? This will help tremendously especially once you start taking practice tests and are trying to decide between two answers that both seem like they could be valid answers.
5. Take as Many ISACA Practice Tests as Possible. Like the ISACA Review Manual, focus on taking practice tests from ISACA as a part of your training schedule. Don’t try to use brain dump sites or memorize answers – but take as many ISACA practice tests as possible. This will get you into the mode of being able to answer questions the way ISACA wants you to answer them. This will also help test your knowledge level of the different content areas covered by the exam. The more questions and practice tests you take the better off you will do. You should plan on consistently scoring 90% or better on your tests before you take the real thing. (Side note, if you decide to take the preparation course with SANS, don’t buy these on your own, they’re included in the price of the class).
Overall passing the exam is possible. Many people have gone before you to pass the exam and have been successful and so can you. But passing the CISA exam is not something you try to throw together at the last minute. It requires time and dedication to reach the goal. Everyone I talk to that works in the audit field tells me, this certification is a must if you want a career in the IS Audit field. Maybe this is your year?
As I mentioned before, at the SANS Institute we do offer an in-depth training program for passing the exam. This is not a boot camp, but it is in-depth training and mentoring that is designed to teach you what you need to know to be a good auditor, as well as help you pass the exam. To learn more about the next class we’re offering, check us out online here: http://tr.im/MGnD.
Good luck, and we wish you the best in your preparations this year!