| The implementation of the CISA examination has | | | | complies with standard accounting practices. |
| resulted in a considerable standardization of skills and | | | | The whole integral concept of IT management |
| functions among auditors in the IT industry. This was | | | | involves the study and control of the different |
| an extremely necessary step, as this is a fast growing | | | | components of the business. This covers not only the |
| and ever changing industry, an industry in a constant | | | | identification and acquisition of key components, but |
| change of flux, and rules and guidelines that might | | | | also their later installation and management. One has to |
| apply perfectly well today could well turn out to be | | | | ensure that implementing new strategies actually fits |
| completely invalid a few months down the line. The | | | | into the overall company, and does not end by |
| CISA examinations, by meticulous testing of applicants, | | | | disrupting the smooth running of the organization - |
| holds the industry to the requirements and guidelines of | | | | because without this the organization will be unable to |
| Information Systems Audit and Control Association, or | | | | meet it's goals. |
| ISACA. | | | | There are other aspects that are covered - Systems |
| By strenuous testing (the examination is 200 questions | | | | and Infrastructure Lifecycle Management was another |
| long and lasts four whole hours!) the CISA ensures | | | | area we mentioned. Here, with the aid of potent tools, |
| that it covers every aspect of an auditors job, from | | | | data is documented and then secured. These are the |
| Information Security Processes to Systems and | | | | core integral aspects of the process. |
| Infrastructure Lifecycle Management. | | | | The failure of backups after a catastrophic failure of |
| Now what exactly is the point of all this? It's very | | | | main systems is unacceptable - so current and regular |
| simple. An IT auditor's job can be just as strenuous as | | | | backups of all systems is key. It's absolutely essential |
| the examination. As an example, one of the goals of | | | | to ensure that the core data bank remains secure - |
| an auditor's mandate is to not only maintain the smooth | | | | and it's equally crucial to ensure that any backup |
| functioning of the organization, but to make sure it | | | | systems also retain their integrity. For this to succeed, |
| survives - to literally extend it's lifespan. This comes | | | | not only do we need backup systems in place, but we |
| under the auspices of what we call Information | | | | also need to ensure that we have a schedule upon |
| Technology Governance, one of the areas covered | | | | which we can work to ensure re-integration of |
| by the CISA. One learns to assess and manage | | | | backups with the main database in case of a |
| business risks, and to ensure that the organization | | | | catastrophic failure. |