|
|
|
 |
 |
|
What happens, if after registering, one decides not to take the exam?
Yes the
exam test location can be changed upto 16 April, 2010 without a charge
and
between 17 April and 23 April with a US $ 50 charge. No change will be
allowed
after 23 April 2010. What happens, if after
registering, one decides not
to take the exam?
One can
either withdraw from appearing for the exam or defer taking the exam to
a
future date. There is a scheme for
deferring the exam on payment of a fee. The
exam can then be taken at the next
opportunity. Full details are available at
http://www.isaca.org/examdefer. What is the exam like and what are the passing marks?
The paper consists of 200
multiple-choice questions to be answered in 4 hours,
covering six chapters viz.
(a) IS Audit process (c) Systems and Infrastructure
Lifecycle Management (d) IT Service Delivery and
Support (e) Protection of Information Assets and
(f) Business Continuity and
Disaster Recovery. A brief
syllabus is contained in the Annexure to this document “CISA – Content Areas”. Candidate scores are reported as a
scaled score. A scaled score is a
conversion of a candidate’s raw score on an exam to a common scale. ISACA uses and reports scores on a common
scale from 200 to 800. A candidate must
receive a score of 450 or higher to pass the exam. If you are eager to test
yourself with a sample test, please visit www.isaca.org/cisasamplequestions What are the reading materials required?
a)
ISACA publishes CISA Review Manual (CRM) every
year and that is the basis for starting studies. It
is
available for purchase from www.isaca.org. The
cost
is $105 for members, and $135 for non-members. The
textbook ‘IS Audit and Control’ by
Ron Weber is another good resource. b)
The CISA Practice Questions Database V8 English Edition
(CD-ROM) Cost: $160 for members, and $195 for
non-members. It combines
the
700 questions, answers and explanations included in the CISA Review
Questions, Answers & Explanations 2008. This
helps
you to understand how exam questions are framed. Website
download is also available. c)
IS Audit guidelines, procedures, Control Objectives in
Information Technology (COBIT version 4.1) – 40
guidelines have been published by ISACA on various aspects such as
General Usage of Internet, VPN, Internet Banking, Privacy, etc. A reading of these will give you what ISACA’s
thinking is on these areas. A
definite
bet for choosing correct answers in the exam.
The guidelines, procedures and control
objectives can be downloaded from www.isaca.org. d)
Other
websites for reference
include: www.isaca.org/glossary for a glossary of terms www.whatis.com and
www.webopedia.com -- for learning about various terms / acronyms that
you do not understand. www.cio.com/abcs -- for
understanding the basics of new technologies. www.howstuffworks.com -- for understanding the basics of computers, internet, DNS, wireless, etc.
How to prepare?
Read, read, read… Understand
the
subject; Highlight important points; if you are used to
group study, please do so. Group study
does help in sustaining momentum / motivation, sharing of knowledge and
understanding various perspectives. Primarily,
the
exam tests your conceptual understanding of various technologies,
processes, risks, controls, audit and governance techniques. Generally, it takes three to six months (2 hours of study a day) to prepare and be confident of facing the exam, depending on the individual’s experience and exposure to the content areas, and grasp of new concepts. It is best to complete one reading of CISA Review Manual in the first 2 months. One idea would be to take a dummy test first (of say 50 questions, to see where you stand), then, after one reading of CRM take the same test again and see the improvement made. It is preferable to take tests after studying each chapter, and then retake these tests after a gap of one month to see if any mistakes have been repeated. These will be the concepts that you have to get right.
Are there any classes available for preparing for the
CISA Exam?
The
Hyderabad Chapter of ISACA conducts classes for every batch of the
examination.
These classes are conducted every Sunday starting from 7 February ,
2010
and go on till the weekend before the exams. They are generally
conducted from
8.30 am to 12.30 pm. In some cases, classes are also held on Saturdays.
The
classes are generally held in a central convenient location. The fee
for the
classes will be announced in January. Classes
are conducted by experienced faculty who have passed the exam and have
experience in their respective domains. Mock Tests are conducted at the
end of
each Chapter and two full mock tests are conducted at the end. The
cost for the classes conducted by the Chapter is Rs. 5,000 for members
and Rs. 6,000 for non-members. For repeat candidates who have attended
the classes before, the fee is Rs. 3,000. For
persons who are unable to attend classes over such an extended period
of time,
the Hyderabad Chapter also conducts a CISA Quick Refresher Course for 4
full
days sometime in May. I am not in the field of IT. Can
this
be a barrier to taking the CISA exam?
Normally, in India, 3 groups of professionals appear for
CISA—Technical professionals (hardware/software/telecom, etc.), Bankers
and Chartered Accountants. The results are
evenly spread among the 3 groups meaning that no particular group is at
an advantage or disadvantage. For
understanding the concepts, technical knowledge is necessary but this
does not mean one should have previous experience.
The questions in the exam are mostly
managerial in nature, to answer which the first pre-requisite is a
thorough understanding of concepts. A
little bit of technical knowledge does help but this may also lead one
to complacency. Open mind, eagerness to
absorb knowledge / new concepts and sustained efforts will surely
result in success. * * * * * * * * * * Annexure - CISA Content Areas
Content Area 1: IS Audit Process (10%)
Content Area 2: IT Governance (15%) Monitoring and Assurance Practices for Board and
Executive Management, IS strategy, Policies and Procedures, Risk
Management, IS Management Practices, Auditing IT Governance Structure
and Implementation etc. Content Area 3: Systems and Infrastructure Lifecycle (16%) Project Management Structure and practices, Business
Application Development, Infrastructure Acquisition Practices, IS
Maintenance Practices, Application Controls, eCommerce, EDI etc. Content Area 4: IT Service Delivery and Support (14%) IS Operations, Hardware, IS Architecture and software,
LAN, WAN, Wireless Networks, Network Administration and Control etc. Content Area 5: Protection of Information Assets (31%) Infosec Management, Logical access exposures and controls, Network infrastructure security, Encryption,
Firewalls, viruses, environmental exposures and controls, physical
access exposures and controls, mobile computing etc. Content Area 6: Business Continuity and Disaster Recovery
(14%) Planning, development and testing of Plans, Recovery
objectives, incident management, RAID, Backup and restoration, Library
controls etc. You can contact us by sending a mail to contact@isaca.org.in |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
