ISACA CISA Review Manual 2015


This past December I took the ISACA CISA exam and I’m pleased to announce that last week, I got my confirmation letter stating that I passed in the top 10 percentile of fellow test takers! With the test passed and the experience still very fresh on my mind, I felt I should take the opportunity to share my experience and any advice to aid my fellow aspiring Certified Information Systems Auditors (CISA) out there!

What was the CISA Exam Like!?

I’ll get straight to answering the question I assume 99% of the people who stumble onto this blog are looking for. The name of the certification is “Certified Information Systems Auditor” yet I felt like the content was a bit light on the information systems side. This might be personal bias, since I have a very technical background and most of what was covered on the exam from a technical standpoint was fairly lightweight to me. Instead, I felt like a lot more attention was given to IT governance (for example, what is the appropriate role of the board of directors, senior management, audit staff, etc.) and things like Disaster Recovery and Vendor Management.

(Side Note: After studying and sitting for the CISA exam I’ve come to realize most of the organizations I audit are not giving their disaster recovery planning enough attention!) There were also a fair number of questions on actual audit processes, like which kind of control is best in what situation (detective vs. preventative controls, automated controls, and so forth). The takeaway here is that if you aren’t highly technical – you should be fine.

CISA Test Prep

To prepare for the CISA, I relied heavily on ISACA’s official study materials. I primarily ran through their. I also referred to a free put together by Mack over at the.

The Book

The ISACA review manual was helpful as a support text for topics I encountered while running through the test database. I strongly suggest you DO NOT read the review manual from front to back as you would a traditional textbook.


You’ll quickly become bored to tears and start contemplating new career choices. Instead, skim the book for key concepts and terms.

Test Database Questions

What was most surprising to me upon actually taking the CISA was that none of the questions in the official ISACA test database showed up on the exam.


(Christian, the co-author of this blog, said that when he took the exam the test database was very similar to the exam.) Simply running through the test database and memorizing answers will not help you (at least in my experience). It is much more important you take the test questions and read the explanations ISACA gives you, then follow up in their review manual for more details. Thankfully, I took the time to properly prepare and didn’t try to “pump and dump” for this exam. The exam did force me to actually think through many of the questions.

What is the CISA Test Taking Experience Like?

I sat for the CISA in Atlanta, GA.

The test taking environment was extremely controlled with three proctors walking the room for the duration of the exam. We were asked to empty our pockets and put any personal items at the front of the room when entering. Cell phones were not allowed in the exam space and had to be checked at the front desk before entering. During the test, only one person was allowed to go to the restroom at a time and a proctor stood outside the door of the restroom while you went. The only things allowed on the desk during the test were a few #2 pencils and an eraser. I saw some people have their erasers inspected (because they were covered in a paper wrapping).

If the leads broke on all your pencils during the test, you were out of luck and warned of that ahead of time. The test was all Scantron (fill in the bubble), multiple choice and consisted of 200 questions. I finished the exam in about an hour and a half of the four hours allotted. I was among the first to complete the exam. We were warned repeatedly that there was a zero tolerance policy for breaking any rules and the proctors appeared to take the rules very seriously. In the lobby there were free refreshments (including a soda fountain machine and a Keurig coffee machine) and parking was partially validated for us.


The test taking environment was very nice. Anyone else a CISA? Do you have any pressing questions I didn’t address? Share your questions and experiences in the comments.

Yes Shane – congratulations. I took the exam a little over 12 years ago, but it sounds like the process is roughly the same – especially the extreme proctoring. I remember I had a cold when I took the exam and they inspected my Kleenex and cough drops.

My biggest frustration with the exam was the inconsistency of the questions. Back then (and may still be the case), exam questions were written by CISAs and ISACA members.

Members could submit questions and it seemed like they were simply pasted into the exam. There was no consistency in style, format or content which made it challenging to get into a rhythm. I also felt there was some subjectivity in the questions themselves. A lot of them would ask for the BEST answer or action you would take FIRST.

Many of the answers could technically be correct, but not necessarily the FIRST or BEST thing to do. I also agree that the review manual should mainly be used as a reference while going through the practice questions. In fact, I remember many of the practice questions covering material that wasn’t even in the manual.

Personally I found the CISSP study manual to be a better reference for the CISA. I highly recommend using it as a resource. You can typically pick one up cheaper at a used book store. Or check out ITAuditSecurity’s blog for reference material.

I often struggle with self guided study.

For me using the book would have led to me not successfully passing the exam. A former colleague of mine suggested I try the ISACA CISA online study course. For me this was great – I was able to study an hour a night with some self paced tutorials. There were questions at the end of each section – and then I supplemented this with the very popular questions database. Also – at the end of each section (there are 5) you are given CPE credits (I have other certifications – so this was very valuable for me). As this blog does a lot of showing – there are many ways to skin a cat – in this case passing the CISA exam.

For me I found this ISACA course to be a little expensive ($500) but also very useful in passing the September 2014 CISA exam.

Ziyanda, Honestly, the exam is more concerned with audit techniques and the various elements of IT management than the hard IT concepts. For example, there are quite a few questions on change management, logical access, and disaster recovery – which in my experience, the pure IT guys don’t always necessarily understand the workings of from the same perspective as the Auditor or Manager might. Further, there is a professional experience requirement which you probably won’t meet at this time.

If you want to break into the IS Auditing and Security field, I’d suggest checking out CompTIA’s Security+ and Network+ certs. I don’t believe they have work experience requirements.

Good luck, Shane.

Anthony, I’m not familiar with the ISO Lead Audit Cert. The CISA certification isn’t like the Security+ certification. The two tests are concerned over very different subject matter.

I’d argue you learn a lot more from studying for the CISA than Security+ though. All I’ve learned studying for the Security+ are a bunch of acronyms, thus far. I’d get the CISA just to get my foot in the door with most jobs if I were you. Expect to be studying a lot more about audit techniques and IT management than hard IT concepts though.

Anthony, The best training resource is the official CISA test question app that ISACA sells. If your job will pay for the reference manual, I’d get that too, just so you can look stuff up that you have questions about while taking the practice exam.

Studying the reference book alone won’t get you far. It’s best to do the test questions then follow up by looking up things in the reference book. Don’t just pump and dump the exam either. There were no repeat questions on the actual test, just questions over the same subject matter. Look for CISA Review Questions, Answers & Explanations Database v15 CD-ROM here.

Hi, I too am starting out on this and have a question please on good training materials. After reading the posts above I looked out for the ISACA material but the following is on their website: “The CISA Online Review Course is no longer available for purchase. A new course is being developed that incorporates CISA job practice changes as well as upgrades to the course format and technology.” Does anyone have any opinions as to the courses offered by (1) certified information security (2) Simplilearn (3) Exam matrix? These are the only 3 I could find when carrying out a Google search. Many thanks.