It's not enough to possess knowledge - one must be certified. If you're a system auditor, there's no better certification than the CISA. It certifies that your knowledge meshes with the requirements of the ISACA. Information technology is a field that is always in flux, and with each advance in technology come related questions of business practice and ethics - and ultimately these become questions of law. A technology auditor must know not only the law, but the reasons for the law.

™

Now the CISA examination itself is a grueling four hour process, and you must have experience either in auditing or in IT to qualify for it. Six subjects are examined in the four hours, and perhaps the most important of these is Information Security Processes.

Information Security Processes is a section that actually covers the entire range of actions incorporated within an audit process. As part of this process, information is first collected, both from sources within and outside the organization. This information gathering must itself be painstaking and reliable - remember, if you have flawed data at the start, it will effect your subsequent results and from there the entire progress and ultimate success of your auditing efforts.

Once you have your data, this information is carefully documented and studied, and a thorough and meticulous assessment made of the software used by the organization. Network security data flow is then tested, examining how securely data transfers are within the organizations internal networks - something that can be critical. Besides all this, any continuity plans the business may have in case of disaster or catastrophic failure are examined, as also backup plans floated by the business in case of total failure or any sort of disaster. Finally, one examines the areas where information is physically stored - this is of crucial importance, as a failure in this area can have disastrous consequences. The offices and areas where business is actually conducted must also be carefully examined carefully by the conscientious auditor.

The implementation of the CISA examination has resulted in a considerable standardization of skills and functions among auditors in the IT industry. This was an extremely necessary step, as this is a fast growing and ever changing industry, an industry in a constant change of flux, and rules and guidelines that might apply perfectly well today could well turn out to be completely invalid a few months down the line. The CISA examinations, by meticulous testing of applicants, holds the industry to the requirements and guidelines of Information Systems Audit and Control Association, or ISACA.

By strenuous testing (the examination is 200 questions long and lasts four whole hours!) the CISA ensures that it covers every aspect of an auditors job, from Information Security Processes to Systems and Infrastructure Lifecycle Management.

Now what exactly is the point of all this? It's very simple. An IT auditor's job can be just as strenuous as the examination. As an example, one of the goals of an auditor's mandate is to not only maintain the smooth functioning of the organization, but to make sure it survives - to literally extend it's lifespan. This comes under the auspices of what we call Information Technology Governance, one of the areas covered by the CISA. One learns to assess and manage business risks, and to ensure that the organization complies with standard accounting practices.

The whole integral concept of IT management involves the study and control of the different components of the business. This covers not only the identification and acquisition of key components, but also their later installation and management. One has to ensure that implementing new strategies actually fits into the overall company, and does not end by disrupting the smooth running of the organization cisa training london - because without this the organization will be unable to meet it's goals.

There are other aspects that are covered - Systems and Infrastructure Lifecycle Management was another area we mentioned. Here, with the aid of potent tools, data is documented and then secured. These are the core integral aspects of the process.

The failure of backups after a catastrophic failure of main systems is unacceptable - so current and regular backups of all systems is key. It's absolutely essential to ensure that the core data bank remains secure - and it's equally crucial to ensure that any backup systems also retain their integrity. For this to succeed, not only do we need backup systems in place, but we also need to ensure that we have a schedule upon which we can work to ensure re-integration of backups with the main database in case of a catastrophic failure.