Information Systems Audit-Related Designations


In this slidecast, Michael Lin provides an overview of the role of information systems (IS) audits, the available IS audit-related designations, and the benefits of attaining these designations or hiring individuals who hold them. He also attempts to provide some guidelines on how an IS audit professional should pursue such designations.

Published in: Technology

  1. Information Systems audit-related designations
     • ACC 626: Final Report Slidecast
     • Delivered by: Michael Lin
  2. Information System (IS) Audit...
     • Profession traditionally concerned with audit
     • Increased complexity in IS ingrained in business processes
     • Old requirements + New complexity = Need for new expertise
  3. ...-Related Designations
     • Expertise:
     • Specialists?
     • Standardization?
     • In response, professional associations created IS audit-related designations
  4. Overview
     • Role of IS Audits
     • Overview of IS Audit-Related Designations
     • Benefits of Certification – For the Professional
     • Benefits of Certification – For the Organization
     • Guidelines for the Pursuit of IS Audit-Related Designations
  5. Role of IS Audits
     • Need to understand role of IS audits in today’s business environment
     • Role relates to efficiently and effectively conducting audits in the context of complex IS
     • Some audit types where IS audit is employed:
     • Audit of Financial Statements
     • Section 5970 Audits
     • Trust Services
     • Internal Audit
  6. Role of IS Audits (Cont’d)
     • Audit of Financial Statements
     • IS traditionally used to record, process, and summarize transactions for financial statement generation
     • IS increasingly used for other critical business processes in an integrated manner
     • Section 5970 Audits
     • IS utilized for service delivery
     • IS includes many embedded controls
  7. Role of IS Audits (Cont’d)
     • Trust Services
     • Security, availability, processing integrity, confidentiality, and privacy
     • IS clearly important
     • Internal Audit
     • Not external reporting, delivers value in various ways
     • IS may be extensively utilized in business processes
     • That is, both internal and external audit may involve IS audit
  8. Overview of IS Audit-Related Designations
     • Extensive number of relevant designations, with some very specialized differences
     • To examine:
     • Major designations in discipline
     • Some classifications of other related designations
  9. Certified Information Systems Auditor (CISA)
     • Single most relevant designation for IS audit
     • Flagship designation for ISACA (actual name), with more than 85,000 professionals in nearly 160 countries
     • “...for those who audit, control, monitor and assess an organization’s IT and business systems”
  10. CISA (Cont’d)
      • Five job practice domains
      • Domain 1—The Process of Auditing Information Systems (14%)
      • Domain 2—Governance and Management of IT (14%)
      • Domain 3—Information Systems Acquisition, Development and Implementation (19%)
      • Domain 4—Information Systems Operations, Maintenance and Support (23%)
      • Domain 5—Protection of Information Assets (30%)
  11. Certified Information Security Manager (CISM)
      • Second most popular designation offered by ISACA with 16,000 professionals
      • “...for individuals who design, build and manage enterprise information security programs”, with a high-level management focus
  12. CISM (Cont’d)
      • Five job practice domains
      • Domain 1—Information Security Governance (23%)
      • Domain 2—Information Risk Management (22%)
      • Domain 3—Information Security Program Development (17%)
      • Domain 4—Information Security Program Management (24%)
      • Domain 5—Incident Management & Response (14%)
  13. Certified Information Systems Security Professional (CISSP)
      • Offered by the International Information Systems Security Certification Consortium, (ISC)²
      • For “professionals who develop policies and procedures in information security”
      • Offers concentrations in Architecture, Engineering, and Management
  14. CISSP (Cont’d)
      • Ten domains of knowledge:
      • Access Control
      • Application Development Security
      • Business Continuity and Disaster Recovery Planning
      • Cryptography
      • Information Security Governance and Risk Management
      • Legal, Regulations, Investigations and Compliance
      • Operations Security
      • Physical (Environmental) Security
      • Security Architecture and Design
      • Telecommunications and Network Security
  15. Other Designations – IS and IT
      • Designations in IS and IT generally (i.e. not necessarily directly related to audit)
      • Benefits IS audit professionals through provision of general background knowledge or specific area expertise
      • Three potential categories:
      • General focus, e.g. I.S.P.
      • Specific organizational focus, e.g. CGEIT, CAP
      • Specific technical focus, e.g. C|EH, CSFA, GCIH
  16. Other Designations – Accounting
      • Designations in accounting related to audit (i.e. non-technical)
      • Benefits IS professionals through audit-related expertise
      • In Canada:
      • CA
      • CMA
      • CGA
      • CIA
  17. Benefits of Certification – For the Professional
      • Up to professional to pursue and attain designations
      • Professional associations offering certifications have very positive view:
      • Improved career prospects
      • Demonstrate working knowledge and commitment
      • Career differentiator, marketability
      • Access to resources, such as networking
  18. Benefits of Certification – For the Professional (Cont’d)
      • Another view:
      • Certifications still good way to show interest or seriousness about career
      • But, in many cases:
      • Need certifications to keep jobs
      • Competing individuals in job market have same certifications
      • Need certifications just to get past resume search engines
      • No longer a source of competitive advantage
  19. Benefits of Certification – For the Organization
      • Organizations can influence professional pursuit of certifications through hiring, retention, and promotion policies
      • Professional associations’ positive view:
      • Benefits to professionals extended to employers
      • Establish standard of best practices
      • Enable a broader perspective, including both business and technology
  20. Benefits of Certification – For the Organization (Cont’d)
      • The literature agrees
      • IS professionals help align IT with business priorities
      • IT audits generate value for companies through third-party regular evaluation of information security policies and architecture
      • Benefits apply to external as well as internal audit
      • External auditors: fees and costs
      • Internal and external IS audit are related
  21. Guidelines for the Pursuit of IS Audit-Related Designations
      • IS audit-related designations provide clear benefits, but have costs
      • Financial costs, i.e. fees and materials
      • Non-financial costs, i.e. time and dedication
      • Too many designations may even cause employers to find the resume unattractive
      • Should not pursue as many designations as possible
      • Return on investment
  22. Guidelines ... (Cont’d)
      • Long-term approach
      • Make a career plan and map in certifications, time, and effort
      • Some specific considerations
      • General vs. specialized designations
      • IT or accounting designations
  23. Concluding Remarks – Key Takeaways
      • Continuing trend in IS
      • IS audit-related designations:
      • are relevant and add value,
      • but becoming necessity rather than advantage
      • Professionals need to take long-term career plan-based approach
  24. Thank you
      • Questions and comments are welcome