
Secret’s Out December 26, 2014

Posted by Audit Monkey in The Joy & Pain of Internal Audit.

Last Saturday week I did something that I swore I would never do ever again and that’s sit a professional exam.  For the avoidance of doubt, it was the CISA exam.

I’m sure there are better things to do on a Saturday morning rather than getting up at silly o’clock, traveling to an exam hall in the back of beyond and sitting on one’s bottom for four hours answering exam questions.  It’s difficult knowing what else to say as ISACA (the CISA Exam Board) take a very negative view of anyone who reproduces any of their exam questions, so I’m going to answer a load of ‘pretend’ questions instead.

What did you think about the CISA syllabus?
The CISA syllabus is split into five sections. The first section deals with Auditing, the second governance, the third project management, the fourth networks and fifth info-security (info-sec).  For anyone holding an accountancy qualification, sections 1 to 3 were fairly straightforward.  The more tricky sections for non-IT bods were on networks and info-sec.  The CISA book covers a lot of ground and is reasonable in detailing the key concepts.  My own personal criticism is that the text-book tends to go into detail about a particular piece of technology, only to state that particular technology is no longer used in practice as it is either too expensive or cumbersome, which begs the question, why include it in the first instance!

In the exam-hall I actually spoke to some other candidates as there was time to kill before the exam commenced.  One candidate’s criticism was that the subject matter was dated, e.g. no-one uses SDLC for project management or cold-sites for BCP.  As I explained to him, Exam Boards have to teach a theoretical model as everyone in the real world varies.  However, I would agree that in the real world, cold-sites are rare and how many firms really care about BCP?

What did you think about the CISA Revision guide?
In some instances, the answers to the practice questions are ambiguous and the logic for the correct answer beggared belief.  This reminded me of the famous British game-show 3-2-1 where contestants had to reject prizes (including a bin [trash can]) based on cryptic clues, none of which made any sense and they had to make a number of assumptions to arrive at the correct answer.  This phenomenon was repeated in the exam.  It does help that ISACA, unlike other professional bodies, e.g. ACCA, do not publish the previous exam papers with model answers.

So what did you think about the exam?
As anticipated, the 3-2-1 moment occurred, so there was considerable analysis of the questions and some second guessing what answer the Examiner was looking for.  For example, there was one question in the exam where an entity had suffered a major IT hack (sound familiar? Sony perhaps?) but IT Audit lacked the relevant skill set to act.  One answer was to approach an ‘external firm’ or ‘wait until IT Audit had specific training’.  Of course, the nature of the external firm wasn’t detailed, so it could have been a firm of carpenters (Christmas – carpenters – geddit?) or hard-core IT specialists, so it’s anyone’s guess whether it was the correct answer.

So did you pass?
I don’t know.  I suspect not as there were a handful of questions which I didn’t know the answer to which will drag down the final score!

Do you think CISA will enhance your career?
The jury’s out.  Biggins, my former manager, was enthusiastic.  He thinks there aren’t too many Auditors about who have the finance and an IT qualification, so this should yield results.  A colleague was less complimentary and felt by obtaining the CISA qualification this did not make me an IT Auditor.  Sure, some familiarisation required but I don’t see it being ‘that’ difficult.  Watch this space.


1. ITauditSecurity - December 30, 2014

What a surprise! Also a good idea with your background and job challenges. It will sure make you more employable as you can swing both ways, or more importantly, be a better auditor as you have a wider viewpoint and understanding. Few auditors can do both finance and IT.

So did you use just the ISACA book? Did you take a look at my free CISA study guide?

Can’t wait to hear whether you passed. I’d be surprised if you didn’t.


And you promised me a comment that hasn’t been delivered….

I’m so glad you’re still blogging. Can’t wait to see you start posting more about IT woes. 🙂

2. Audit Monkey - January 1, 2015

I only used the ISACA book. All the answers to the questions are in the book; the exam questions are simply regurgitated from the text book. Contrary to popular belief the Examiners don’t stray into other areas despite publishing additional books or resources to read.

As for the famous ITAS study guide, I did look at it but relied on the text book and revision kit. I will provide some more complete feedback another time (don’t you just love that term ‘feedback’!). The one item I did take from it was the use of the OSI model but I didn’t rote learn the different layers.

I suspect I haven’t passed as the exam focused on some low level topics, e.g. server room temperature, which I did not pay much attention to while studying. In context I was expecting a technically harder exam, i.e. more focus and depth on areas such as info sec which wasn’t reflected in the actual exam.

If none of this makes any sense it’s because I’m nursing a New Year’s Day hangover. Hey ho!

ITauditSecurity - January 6, 2015

I have lamented for a long time on my blog about how little IT or understanding of it is required to pass this exam. It’s laughable.

You are correct, the ISACA book is all you need, but it’s a really sad read.

I do love monkey feedback; better than overripe bananas.
