• Like
Information Systems Audit-Related Designations
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Information Systems Audit-Related Designations


In this slidecast, Michael Lin provides an overview on the role of information systems (IS) audits, available IS audit-related designations, and the benefits of attaining or hiring individuals with …

In this slidecast, Michael Lin provides an overview on the role of information systems (IS) audits, available IS audit-related designations, and the benefits of attaining or hiring individuals with these designations. He also attempts to provide some guidelines on how an IS audit professional should pursue such designations.

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Information Systems audit-related designations
    ACC 626: Final Report Slidecast
    Delivered by: Michael Lin
  • 2. Information System (IS) Audit...
    Profession traditionally concerned with audit
    Increased complexity in IS ingrained in business processes
    Old requirements + New complexity = Need for new expertise
  • 3. ...-Related Designations
    In response, professional associations created IS audit-related designations
  • 4. Overview
    Role of IS Audits
    Overview of IS Audit-Related Designations
    Benefits of Certification – For the Professional
    Benefits of Certification – For the Organization
    Guidelines for the Pursuit of IS Audit-Related Designations
  • 5. Role of IS Audits
    Need to understand role of IS audits in today’s business environment
    Role relates to efficiently and effectively conducting audits in the context of complex IS
    Some audit types where IS audit is employed:
    Audit of Financial Statements
    Section 5970 Audits
    Trust Services
    Internal Audit
  • 6. Role of IS Audits (Cont’d)
    Audit of Financial Statements
    IS traditionally used to record, process, and summarize transactions for financial statement generation
    IS increasingly used for other critical business processes in an integrated manner
    Section 5970 Audits
    IS utilized for service delivery
    IS includes many embedded controls
  • 7. Role of IS Audits (Cont’d)
    Trust Services
    Security, availability, processing integrity, confidentiality, and privacy
    IS clearly important
    Internal Audit
    Not external reporting, delivers value in various ways
    IS may be extensively utilized in business processes
    i.e. Both internal and external audit may involve IS audit
  • 8. Overview of IS Audit-Related Designations
    Extensive number of relevant designations, with some very specialized differences
    To examine:
    Major designations in discipline
    Some classifications of other related designations
  • 9. Certified Information Systems Auditor (CISA)
    Single most relevant designation for IS audit
    Flagship designation for ISACA (actual name), with over more than 85,000 professionals in nearly 160 countries
    “...for those who audit, control, monitor and assess an organization’s IT and business systems”
  • 10. CISA (Cont’d)
    Five job practice domains
    Domain 1—The Process of Auditing Information Systems (14%)
    Domain 2—Governance and Management of IT (14%)
    Domain 3—Information Systems Acquisition, Development and Implementation (19%)
    Domain 4—Information Systems Operations, Maintenance and Support (23%)
    Domain 5—Protection of Information Assets (30%)
  • 11. Certified Information Security Manager (CISM)
    Second most popular designation offered by ISACA with 16,000 professionals
    “...for individuals who design, build and manage enterprise information security programs”, with a high-level management focus
  • 12. CISM (Cont’d)
    Five job practice domains
    Domain 1—Information Security Governance (23%)
    Domain 2—Information Risk Management (22%)
    Domain 3—Information Security Program Development (17%)
    Domain 4—Information Security Program Management (24%)
    Domain 5—Incident Management & Response (14%)
  • 13. Certified Information Systems Security Professional (CISSP)
    Offered by the International Information Systems Security Certification Consortium (ISC)2
    For “professionals who develop policies and procedures in information security”
    Offers concentrations in Architecture, Engineering, and Management
  • 14. CISSP (Cont’d)
    Ten domains of knowledge:
    Access Control
    Application Development Security
    Business Continuity and Disaster Recovery Planning
    Information Security Governance and Risk Management
    Legal, Regulations, Investigations and Compliance
    Operations Security
    Physical (Environmental) Security
    Security Architecture and Design
    Telecommunications and Network Security
  • 15. Other Designations – IS and IT
    Designations in IS and IT generally (i.e. not necessarily directly related to audit)
    Benefits IS audit professionals through provision of general background knowledge or specific area expertise
    Three potential categories:
    General focus, e.g. I.S.P.
    Specific organizational focus, e.g. CGEIT, CAP
    Specific technical focus, e.g. C|EH, CSFA, GCIH
  • 16. Other Designations - Accounting
    Designations in accounting related to audit (i.e. non-technical)
    Benefits IS professionals through audit-related expertise
    In Canada:
  • 17. Benefits of Certification – For the Professional
    Up to professional to pursue and attain designations
    Professional associations offering certifications have very positive view:
    Improved career prospects
    Demonstrate working knowledge and commitment
    Career differentiator, marketability
    Access to resources, such as networking
  • 18. Benefits of Certification – For the Professional (Cont’d)
    Another view:
    Certifications still good way to show interest or seriousness about career
    But, in many cases:
    Need certifications to keep jobs
    Competing individuals in job market have same certifications
    Need certifications just to get past resume search engines
    No long a source of competitive advantage
  • 19. Benefits of Certification – For the Organization
    Organizations can influence professional pursuit of certifications through hiring, retention, and promotion policies
    Professional associations’ positive view:
    Benefits to professionals extended to employers
    Establish standard of best practices
    Enable a broader perspective, including both business and technology
  • 20. Benefits of Certification – For the Organization (Cont’d)
    The literature agrees
    IS professionals help align IT with business priorities
    IT audits generate value for companies through third-party regular evaluation of information security policies and architecture
    Benefits apply to external as well as internal audit
    External auditors: fees and costs
    Internal and external IS audit are related
  • 21. Guidelines for the Pursuit of IS Audit-Related Designations
    IS audit-related designations provide clear benefits, but has costs
    Financial costs, i.e. Fees and materials
    Non-financial costs, i.e. Time and dedication
    Too many designations may even cause employers to find the resume unattractive
    Should not pursue as many designations as possible
    Return on investment
  • 22. Guidelines ... (Cont’d)
    Long-term approach
    Make a career plan and map in certifications, time, and effort
    Some specific considerations
    General vs. specialized designations
    IT or accounting designations
  • 23. Concluding Remarks – Key Takeaways
    Continuing trend in IS
    IS audit-related designations:
    are relevant and add value,
    but becoming necessity rather than advantage
    Professionals need to take long-term career plan-based approach
  • 24. Thank you
    Questions and Comments
    Are welcome