SlideShare a Scribd company logo

Information Systems Audit-Related Designations

Download as PPTX, PDF
Michael Lin
Michael Lin

In this slidecast, Michael Lin provides an overview on the role of information systems (IS) audits, available IS audit-related designations, and the benefits of attaining or hiring individuals with these designations. He also attempts to provide some guidelines on how an IS audit professional should pursue such designations.

Technology
1 of 24
Information Systems audit-related designations ACC 626: Final Report Slidecast Delivered by: Michael Lin
Information System (IS) Audit... Profession traditionally concerned with audit Increased complexity in IS ingrained in business processes Old requirements + New complexity = Need for new expertise
...-Related Designations Expertise: Specialists? Standardization? In response, professional associations created IS audit-related designations
Overview Role of IS Audits Overview of IS Audit-Related Designations Benefits of Certification – For the Professional Benefits of Certification – For the Organization Guidelines for the Pursuit of IS Audit-Related Designations
Role of IS Audits Need to understand role of IS audits in today’s business environment Role relates to efficiently and effectively conducting audits in the context of complex IS Some audit types where IS audit is employed: Audit of Financial Statements Section 5970 Audits Trust Services Internal Audit
Role of IS Audits (Cont’d) Audit of Financial Statements IS traditionally used to record, process, and summarize transactions for financial statement generation IS increasingly used for other critical business processes in an integrated manner Section 5970 Audits IS utilized for service delivery IS includes many embedded controls
Role of IS Audits (Cont’d) Trust Services Security, availability, processing integrity, confidentiality, and privacy IS clearly important Internal Audit Not external reporting, delivers value in various ways IS may be extensively utilized in business processes i.e. Both internal and external audit may involve IS audit
Overview of IS Audit-Related Designations Extensive number of relevant designations, with some very specialized differences To examine: Major designations in discipline Some classifications of other related designations
Certified Information Systems Auditor (CISA) Single most relevant designation for IS audit Flagship designation for ISACA (actual name), with over more than 85,000 professionals in nearly 160 countries “...for those who audit, control, monitor and assess an organization’s IT and business systems”
CISA (Cont’d) Five job practice domains Domain 1—The Process of Auditing Information Systems (14%) Domain 2—Governance and Management of IT (14%) Domain 3—Information Systems Acquisition, Development and Implementation (19%) Domain 4—Information Systems Operations, Maintenance and Support (23%) Domain 5—Protection of Information Assets (30%)
Certified Information Security Manager (CISM) Second most popular designation offered by ISACA with 16,000 professionals “...for individuals who design, build and manage enterprise information security programs”, with a high-level management focus
CISM (Cont’d) Five job practice domains Domain 1—Information Security Governance (23%) Domain 2—Information Risk Management (22%) Domain 3—Information Security Program Development (17%) Domain 4—Information Security Program Management (24%) Domain 5—Incident Management & Response (14%)
Certified Information Systems Security Professional (CISSP) Offered by the International Information Systems Security Certification Consortium (ISC)2 For “professionals who develop policies and procedures in information security” Offers concentrations in Architecture, Engineering, and Management
CISSP (Cont’d) Ten domains of knowledge: Access Control Application Development Security Business Continuity and Disaster Recovery Planning Cryptography Information Security Governance and Risk Management Legal, Regulations, Investigations and Compliance Operations Security Physical (Environmental) Security Security Architecture and Design Telecommunications and Network Security
Other Designations – IS and IT Designations in IS and IT generally (i.e. not necessarily directly related to audit) Benefits IS audit professionals through provision of general background knowledge or specific area expertise Three potential categories: General focus, e.g. I.S.P. Specific organizational focus, e.g. CGEIT, CAP Specific technical focus, e.g. C|EH, CSFA, GCIH
Other Designations - Accounting Designations in accounting related to audit (i.e. non-technical) Benefits IS professionals through audit-related expertise In Canada: CA CMA CGA CIA
Benefits of Certification – For the Professional Up to professional to pursue and attain designations Professional associations offering certifications have very positive view: Improved career prospects Demonstrate working knowledge and commitment Career differentiator, marketability Access to resources, such as networking
Benefits of Certification – For the Professional (Cont’d) Another view: Certifications still good way to show interest or seriousness about career But, in many cases: Need certifications to keep jobs Competing individuals in job market have same certifications Need certifications just to get past resume search engines No long a source of competitive advantage
Benefits of Certification – For the Organization Organizations can influence professional pursuit of certifications through hiring, retention, and promotion policies Professional associations’ positive view: Benefits to professionals extended to employers Establish standard of best practices Enable a broader perspective, including both business and technology
Benefits of Certification – For the Organization (Cont’d) The literature agrees IS professionals help align IT with business priorities IT audits generate value for companies through third-party regular evaluation of information security policies and architecture Benefits apply to external as well as internal audit External auditors: fees and costs Internal and external IS audit are related
Guidelines for the Pursuit of IS Audit-Related Designations IS audit-related designations provide clear benefits, but has costs Financial costs, i.e. Fees and materials Non-financial costs, i.e. Time and dedication Too many designations may even cause employers to find the resume unattractive Should not pursue as many designations as possible Return on investment
Guidelines ... (Cont’d) Long-term approach Make a career plan and map in certifications, time, and effort Some specific considerations General vs. specialized designations IT or accounting designations
Concluding Remarks – Key Takeaways Continuing trend in IS IS audit-related designations: are relevant and add value, but becoming necessity rather than advantage Professionals need to take long-term career plan-based approach
Thank you Questions and Comments Are welcome

Recommended

CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzahRizkie Hafizzah
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and controlKashif Rana ACCA
 
Donna Febriani
Donna FebrianiDonna Febriani
Donna FebrianiDonna Febriani
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and auditAstri Stiawaty
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and ControlAsad Raza
 

Recommended

CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzahRizkie Hafizzah
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and controlKashif Rana ACCA
 
Donna Febriani
Donna FebrianiDonna Febriani
Donna FebrianiDonna Febriani
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and auditAstri Stiawaty
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and ControlAsad Raza
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal ControlsBharath Rao
 
Information systems control and audit ~ Lecture # 2
Information systems control and audit ~ Lecture # 2Information systems control and audit ~ Lecture # 2
Information systems control and audit ~ Lecture # 2FCA Vikram S Mathur
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasidwiki apsyarin
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it auditkinjalmkothari92
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOXMahesh Patwardhan
 
Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)Rudi Kurniawan
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Cobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasiCobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasisayuti01
 
Internal Control And Fraud 11-19-10
Internal Control And Fraud 11-19-10Internal Control And Fraud 11-19-10
Internal Control And Fraud 11-19-10Ed Tobias
 
3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3a3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3aGene Kim
 
Database auditing models
Database auditing models Database auditing models
Database auditing models ERSHUBHAM TIWARI
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPsJayesh Daga
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Yasir Khan
 
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )Cobit 5 ( Kontrol dan Auditing Sistem Informasi )
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )Pajar Bahari
 
2010 06 gartner avoiding audit fatigue in nine steps 1d
2010 06 gartner avoiding audit fatigue in nine steps 1d2010 06 gartner avoiding audit fatigue in nine steps 1d
2010 06 gartner avoiding audit fatigue in nine steps 1dGene Kim
 
Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftPennonSoft
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Language of business
Language of businessLanguage of business
Language of businessAziz Fataliyev, Internal Audit Practitioner
 
Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)NCTechSymposium
 
Professional designations in it governance
Professional designations in it governanceProfessional designations in it governance
Professional designations in it governancejkllee
 

More Related Content

What's hot

Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal ControlsBharath Rao
 
Information systems control and audit ~ Lecture # 2
Information systems control and audit ~ Lecture # 2Information systems control and audit ~ Lecture # 2
Information systems control and audit ~ Lecture # 2FCA Vikram S Mathur
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasidwiki apsyarin
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOXMahesh Patwardhan
 
Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)Rudi Kurniawan
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Cobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasiCobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasisayuti01
 
Internal Control And Fraud 11-19-10
Internal Control And Fraud 11-19-10Internal Control And Fraud 11-19-10
Internal Control And Fraud 11-19-10Ed Tobias
 
3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3a3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3aGene Kim
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPsJayesh Daga
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Yasir Khan
 
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )Cobit 5 ( Kontrol dan Auditing Sistem Informasi )
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )Pajar Bahari
 
2010 06 gartner avoiding audit fatigue in nine steps 1d
2010 06 gartner avoiding audit fatigue in nine steps 1d2010 06 gartner avoiding audit fatigue in nine steps 1d
2010 06 gartner avoiding audit fatigue in nine steps 1dGene Kim
 
Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftPennonSoft
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 

What's hot (20)

Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
 
Information systems control and audit ~ Lecture # 2
Information systems control and audit ~ Lecture # 2Information systems control and audit ~ Lecture # 2
Information systems control and audit ~ Lecture # 2
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasi
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it audit
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
 
Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
Cobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasiCobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasi
 
Internal Control And Fraud 11-19-10
Internal Control And Fraud 11-19-10Internal Control And Fraud 11-19-10
Internal Control And Fraud 11-19-10
 
3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3a3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3a
 
Database auditing models
Database auditing models Database auditing models
Database auditing models
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2
 
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )Cobit 5 ( Kontrol dan Auditing Sistem Informasi )
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )
 
2010 06 gartner avoiding audit fatigue in nine steps 1d
2010 06 gartner avoiding audit fatigue in nine steps 1d2010 06 gartner avoiding audit fatigue in nine steps 1d
2010 06 gartner avoiding audit fatigue in nine steps 1d
 
Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoft
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
 
Language of business
Language of businessLanguage of business
Language of business
 

Similar to Information Systems Audit-Related Designations

Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)NCTechSymposium
 
Professional designations in it governance
Professional designations in it governanceProfessional designations in it governance
Professional designations in it governancejkllee
 
Professional Designations in IT Governance
Professional Designations in IT GovernanceProfessional Designations in IT Governance
Professional Designations in IT Governancejkllee
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessLaura Perry
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelnooralmousa
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
Advantages of an integrated governance, risk and compliance environment
Advantages of an integrated governance, risk and compliance environmentAdvantages of an integrated governance, risk and compliance environment
Advantages of an integrated governance, risk and compliance environmentIBM Analytics
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 
Enterprise Spice Scope
Enterprise Spice ScopeEnterprise Spice Scope
Enterprise Spice Scopeespice
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear LLC
 
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...gueste4e93e3
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.pptKhalilIdhman
 
CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course Desmond Muchetu
 
Know about cisa certification
Know about cisa certificationKnow about cisa certification
Know about cisa certificationJasonRoy50
 
CISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITCISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITShivamSharma909
 

Similar to Information Systems Audit-Related Designations (20)

Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)
 
Professional designations in it governance
Professional designations in it governanceProfessional designations in it governance
Professional designations in it governance
 
Professional Designations in IT Governance
Professional Designations in IT GovernanceProfessional Designations in IT Governance
Professional Designations in IT Governance
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity model
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet Systems
 
Advantages of an integrated governance, risk and compliance environment
Advantages of an integrated governance, risk and compliance environmentAdvantages of an integrated governance, risk and compliance environment
Advantages of an integrated governance, risk and compliance environment
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
 
Isms2
Isms2Isms2
Isms2
 
Enterprise Spice Scope
Enterprise Spice ScopeEnterprise Spice Scope
Enterprise Spice Scope
 
Value of IT Certifications (BDPA Cincinnati)
Value of IT Certifications (BDPA Cincinnati)Value of IT Certifications (BDPA Cincinnati)
Value of IT Certifications (BDPA Cincinnati)
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 
CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
Know about cisa certification
Know about cisa certificationKnow about cisa certification
Know about cisa certification
 
chap18.ppt
chap18.pptchap18.ppt
chap18.ppt
 
CISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITCISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of IT
 

Recently uploaded

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Information Systems Audit-Related Designations

  • 1. Information Systems audit-related designations ACC 626: Final Report Slidecast Delivered by: Michael Lin
  • 2. Information System (IS) Audit... Profession traditionally concerned with audit Increased complexity in IS ingrained in business processes Old requirements + New complexity = Need for new expertise
  • 3. ...-Related Designations Expertise: Specialists? Standardization? In response, professional associations created IS audit-related designations
  • 4. Overview Role of IS Audits Overview of IS Audit-Related Designations Benefits of Certification – For the Professional Benefits of Certification – For the Organization Guidelines for the Pursuit of IS Audit-Related Designations
  • 5. Role of IS Audits Need to understand role of IS audits in today’s business environment Role relates to efficiently and effectively conducting audits in the context of complex IS Some audit types where IS audit is employed: Audit of Financial Statements Section 5970 Audits Trust Services Internal Audit
  • 6. Role of IS Audits (Cont’d) Audit of Financial Statements IS traditionally used to record, process, and summarize transactions for financial statement generation IS increasingly used for other critical business processes in an integrated manner Section 5970 Audits IS utilized for service delivery IS includes many embedded controls
  • 7. Role of IS Audits (Cont’d) Trust Services Security, availability, processing integrity, confidentiality, and privacy IS clearly important Internal Audit Not external reporting, delivers value in various ways IS may be extensively utilized in business processes i.e. Both internal and external audit may involve IS audit
  • 8. Overview of IS Audit-Related Designations Extensive number of relevant designations, with some very specialized differences To examine: Major designations in discipline Some classifications of other related designations
  • 9. Certified Information Systems Auditor (CISA) Single most relevant designation for IS audit Flagship designation for ISACA (actual name), with over more than 85,000 professionals in nearly 160 countries “...for those who audit, control, monitor and assess an organization’s IT and business systems”
  • 10. CISA (Cont’d) Five job practice domains Domain 1—The Process of Auditing Information Systems (14%) Domain 2—Governance and Management of IT (14%) Domain 3—Information Systems Acquisition, Development and Implementation (19%) Domain 4—Information Systems Operations, Maintenance and Support (23%) Domain 5—Protection of Information Assets (30%)
  • 11. Certified Information Security Manager (CISM) Second most popular designation offered by ISACA with 16,000 professionals “...for individuals who design, build and manage enterprise information security programs”, with a high-level management focus
  • 12. CISM (Cont’d) Five job practice domains Domain 1—Information Security Governance (23%) Domain 2—Information Risk Management (22%) Domain 3—Information Security Program Development (17%) Domain 4—Information Security Program Management (24%) Domain 5—Incident Management & Response (14%)
  • 13. Certified Information Systems Security Professional (CISSP) Offered by the International Information Systems Security Certification Consortium (ISC)2 For “professionals who develop policies and procedures in information security” Offers concentrations in Architecture, Engineering, and Management
  • 14. CISSP (Cont’d) Ten domains of knowledge: Access Control Application Development Security Business Continuity and Disaster Recovery Planning Cryptography Information Security Governance and Risk Management Legal, Regulations, Investigations and Compliance Operations Security Physical (Environmental) Security Security Architecture and Design Telecommunications and Network Security
  • 15. Other Designations – IS and IT Designations in IS and IT generally (i.e. not necessarily directly related to audit) Benefits IS audit professionals through provision of general background knowledge or specific area expertise Three potential categories: General focus, e.g. I.S.P. Specific organizational focus, e.g. CGEIT, CAP Specific technical focus, e.g. C|EH, CSFA, GCIH
  • 16. Other Designations - Accounting Designations in accounting related to audit (i.e. non-technical) Benefits IS professionals through audit-related expertise In Canada: CA CMA CGA CIA
  • 17. Benefits of Certification – For the Professional Up to professional to pursue and attain designations Professional associations offering certifications have very positive view: Improved career prospects Demonstrate working knowledge and commitment Career differentiator, marketability Access to resources, such as networking
  • 18. Benefits of Certification – For the Professional (Cont’d) Another view: Certifications still good way to show interest or seriousness about career But, in many cases: Need certifications to keep jobs Competing individuals in job market have same certifications Need certifications just to get past resume search engines No long a source of competitive advantage
  • 19. Benefits of Certification – For the Organization Organizations can influence professional pursuit of certifications through hiring, retention, and promotion policies Professional associations’ positive view: Benefits to professionals extended to employers Establish standard of best practices Enable a broader perspective, including both business and technology
  • 20. Benefits of Certification – For the Organization (Cont’d) The literature agrees IS professionals help align IT with business priorities IT audits generate value for companies through third-party regular evaluation of information security policies and architecture Benefits apply to external as well as internal audit External auditors: fees and costs Internal and external IS audit are related
  • 21. Guidelines for the Pursuit of IS Audit-Related Designations IS audit-related designations provide clear benefits, but has costs Financial costs, i.e. Fees and materials Non-financial costs, i.e. Time and dedication Too many designations may even cause employers to find the resume unattractive Should not pursue as many designations as possible Return on investment
  • 22. Guidelines ... (Cont’d) Long-term approach Make a career plan and map in certifications, time, and effort Some specific considerations General vs. specialized designations IT or accounting designations
  • 23. Concluding Remarks – Key Takeaways Continuing trend in IS IS audit-related designations: are relevant and add value, but becoming necessity rather than advantage Professionals need to take long-term career plan-based approach
  • 24. Thank you Questions and Comments Are welcome