CISA Job Practice (Old and New)

The ISACA’s renowned certification, ‘Certified Information Systems auditor’ (or commonly known as CISA), is world-famous. This CISA certification is for IT professionals or security professionals who want to show off their audit experience, skills, and knowledge.
June 2019 is the effective date for the new CISA job policy. We have compared the changes to the CISA job practices (2016) and the new one. Here are the highlights.
Highlights of CISA job practice 2016 & 2019:
CISA job practice 2016CISA job practice 2019Five domainsFive domainsNo sub-domainsSub-domains introduced for better clarity 38 task statements 39 task statements (reworded and rewritten)No. of questions: 150 questionsNo. of questions: 150 questionsDuration: 4 hoursDuration: 4 hours
Here’s a comparison of CISA domains in 2016 and 2019.
CISA job practice domain 2016CISA career practice domain 2019Domain 1–The Process of Auditing Information Systems (21%).Domain 1: Information System Auditing Process (21%).

SAME WEIGHTAGE AS BEFOREDomain 2–Governance and Management of IT (16%)Domain2: Governance and Management of IT (17%)
WEIGHTAGE CHANGE : +1%Domain 3-Information Systems Acquisition, Development and Implementation (18%)Domain 3. Information Systems, Acquisition, Development and Implementation (12%)
WEIGHTAGE CHANGE: -6%Domain 4-Information Systems Operations, Maintenance and Service Management (20%)Domain4: Information Systems Operations and Business Recovery (23%)

Domain 5–Protection of Information Assets (25%). Domain 5: Protection of Information Assets (27%).
WEIGHTAGE CHANGE – +2%Differences within the first domain
Domain 1 – The Process of Auditing Information Systems (2016)Domain 1 – The Process of Auditing Information Systems 2019
1.2 Knowledge of risk assessment concepts and tools, and techniques used in planning and examination, reporting, and follow-up
1.3 Knowledge of the fundamental business processes (e.g. purchasing, payroll and accounts payable) and the role that IS plays in these processes
1.4 Knowledge of control principles related to controls within information systems
1.5 Knowledge of risk-based audit planning, and audit project management techniques, which includes follow-up
1.6 Knowledge of applicable laws and regulations that impact the frequency, scope, preservation and collection of evidence
1.7 Knowledge of the evidence collection methods (e.g. observation, inquiry and inspection, interview, data analysis techniques, computer-assisted auditor techniques [CAATs]), used to collect, protect, and preserve audit evidence
1.8 Knowledge of various sampling methods and other substantive/data analytic procedures
1.9 Knowledge of communication and reporting techniques (e.g. facilitation, negotiation, conflict resolutions, audit report structure/issue writing, management summary, verification)
1.10 Knowledge about audit quality assurance (QA), systems and frameworks
1.11 Understanding of the various types of audits (e.g. internal, external, and financial) and methods of assessing and relying on the work of other auditors and control entities
A. Planning
1. IS Audit Standards, Guidelines and Codes of Ethic
2. Business Processes
3. Types of controls
4. Risk-Based Audit Planning
5. Types of Assessments and Audits
B. Execution
1. Audit Project Management
2. Sampling Methodology
3. Audit Evidence Collection Techniques
4. Data Analytics
5. Reporting and Communication Techniques

Differences in the second domain
Domain 2 – Governance and Management IT (2016)Domain 2 Governance and Management IT (2019)2.1 Knowledge about the purpose of IT strategy and policies, standards, and procedures

Comments are closed