ISACATRUST IN, AND VALUE FROM, INFORMATION SYSTEMSISACA.ORG

©2014 ISACA. All rights reserved.

CERTIFICATIONINFORMATION SESSION

WWW.ISACA.ORG/CERTIFICATION

ISACA FACTS

• Founded in 1969 as the EDP Auditors Association

• Since 1978, CISA has been a globally accepted standard of competency among IS audit, control, assurance and security professionals

• More than 120,000 members in over 180 countries

• More than 200 chapters worldwide

• Canberra Chapter founded in 1985 (30th anniversary)

• 330 Members in Canberra

CERTIFCATION TARGET JOBS

Qualification CISA CISM CRISC CGEIT

Potential Career

Path

Chief Audit Executive Chief Security Officer Chief Risk Officer Chief Information Officer

Work Performed Provide assurance by

conducting audits and

assessments of information

systems

Oversee, direct and manage

information security activities

Identify, evaluate and manage

risk through the development,

implementation and

maintenance of information

systems controls

Define, establish, maintain and

manage a framework of

governance

Experience

Required

IT auditors and consultants

who provide assurance

services (3-5 years)

Information security managers

and security consultants who

direct and manage an

information security program

(10 years+)

IT and business risk and control

practitioners who manage risk

and implement information

systems controls (8 years,

during grandfathering program)

IT and business managers and

consultants who direct the

governance of IT at an enterprise

level (10 years+)

CISA REQUIREMENTS

• Earn a passing score on the CISA Exam

• Submit verified evidence of a minimum of five years of verifiable IS audit, control or security experience (substitutions available)

• Submit the CISA application (within 5 years of passing date) and receive approval (www.isaca.org/cisaapp)

• Adhere to the ISACA Code of Professional Ethics

• Abide by IS Auditing Standards as adopted by ISACA

• Comply with continuing professional education policy (www.isaca.org/cisacpepolicy)

More information may be found at www.isaca.org/cisarequirements

CISM REQUIREMENTS

• Earn a passing score on the CISM exam

• Submit verified evidence of a minimum of five years of information security management work experience (covering 3 of the 4 job practice domains – www.isaca.org/cismjobpractice )

• Submit completed CISM application within 5 years of passing exam and receive approval

• Adhere to the ISACA Code of Professional Ethics

• Comply with the CISM Continuing Professional Education Policy

More information may be found at www.isaca.org/cismrequirements

CGEIT REQUIREMENTS

• Earn a passing score on the CGEIT exam

• Submit verified evidence of the five years experience requirements as defined by the CGEIT Job Practice

• Submit the CGEIT application (within 5 years of passage of the exam) and receive approval

• Adhere to the ISACA Code of Professional Ethics

• Comply with the CGEIT Continuing Education Policy

More information may be found at www.isaca.org/cgeitrequirements

CRISC REQUIREMENTS

• Earn a passing score on the CRISC exam

• Submit completed CRISC application within 5 years of passing exam and receive approval

• Submit verified evidence of a minimum of 3 years of risk and information systems controls experience (covering 3 of the 5 job practice domains)

• Adhere to the ISACA Code of Professional Ethics

• Comply with the CRISC Continuing Professional Education Policy (www.isaca.org/crisccpepolicy)

• More information may be found at www.isaca.org/criscrequirements

KEY DATES 2015

June ExamExam Date: Saturday June 13Early Registration: Closes February 11Final Registration: Closes April 10

September Exam (Not Run in Canberra, CISA & CISM only)Exam Date: Saturday September 12Early Registration: Closes June 17Final Registration: Closes July 24

December ExamExam Date: Saturday December 12Early Registration: Closes August 19Final Registration: Closes October 23

EXAM REGISTRATION FEES

Early Registration

• ISACA Member: US $440.00

• Non-Member: US $625.00

Final Registration

• ISACA Member: US $490.00

• Non-Member: US $675.00

Register Online at www.isaca.org/examreg and save $$

• Online registration via the ISACA web site is encouraged, as candidates will save US $75. Non-members can join ISACA at the same time, which maximizes their savings.

Exam registration fees must be paid in full to sit for the exams. Those whose exam registration fees are not paid will notbe sent an exam admission ticket and their registration will be cancelled.

CANDIDATE INFORMATION GUIDE

The ISACA Exam Candidate Information Guide includes candidate information about exam registration, dates, and deadlines and provides important key candidate details for exam day administration. This publication is available online at www.isaca.org/examguide. Translated copies are also available in each of the exam languages at this link.

Links for the hard copy registration forms can be found at www.isaca.org/examreg or at the following links for each specific certification:

• CISA: www.isaca.org/cisaregform

• CISM: www.isaca.org/cismregform

• CGEIT: www.isaca.org/cgeitregform

• CRISC: www.isaca.org/criscregform

ARE YOU A MEMBER?

• $US185 cheaper to register as a member

• How much to become a member?:• $US135 ISACA Membership Fee (2015 Membership)

• $US30 Local Chapter Dues

• $US10 Joining Fee ($US30 if you don’t join online)

• $US175 total

• Joining is simple during the exam registration process

• Or go to www.isaca.org/join

EXAM STRUCTURE

CISA – 4 hour exam, 200 multiple choice questions

CRISC – 4 hour exam, 200 multiple choice questions

CISM – 4 hour exam, 200 multiple choice questions

CGEIT – 4 hour exam, 150 multiple choice questions

Questions:

• are designed to test practical knowledge and experience

• have four options (answer choices)

• require the candidate to choose one best answer.

EXAM QUALITY

Ensured by:

• Job Practice Analysis Study: Determines content

• Test Development Standards: Ensures high standards for the development and review of questions

• Review Process: Provides two reviews of questions by independent committees before acceptance into pool

• Periodic Pool Cleaning: Ensures that questions in the pool are up-to-date by continuously reviewing questions

• Statistical Analysis of Questions: Ensures quality questions and grading by analyzing exam statistics for each language

CISA EXAM DOMAIN AREAS

Domain 1—The Process of Auditing Information Systems (14%)

Domain 2—Governance and Management of IT (14%)

Domain 3—Information Systems Acquisition, Development and Implementation (19%)

Domain 4—Information Systems Operations, Maintenance and Support (23%)

Domain 5—Protection of Information Assets (30%)

CISM EXAM DOMAIN AREAS

Domain 1—Information Security Governance (24%)

Domain 2—Information Risk Management and Compliance (33%)

Domain 3—Information Security Program Development and Management (25%)

Domain 4—Information Security Incident Management (18%)

CRISC EXAM DOMAIN AREAS

Domain 1—Risk Identification (27%)

Domain 2—Risk Assessment (28%)

Domain 3—Risk Response and Mitigation (23%)

Domain 4—Risk and Control Monitoring and Reporting (22%)

CGEIT EXAM DOMAIN AREAS

Domain 1: Framework for the Governance of Enterprise IT (25%)

Domain 2: Strategic Management (20%)

Domain 3: Benefits Realization (16%)

Domain 4: Risk Optimization (24%)

Domain 5: Resource Optimization (15%)

HOW TO STUDY

CISA STUDY MATERIALS

ISACA Members Non-Members

CISA Review Manual 2015 (US) $105.00 (US) $135.00

CISA Review Questions, Answers & (US) $100.00 (US) $130.00Explanations Manual 2015

CISA Review Questions, Answers & (US) $40.00 (US) $60.00Explanations Manual 2015 Supplement

CISA Practice Question Database 12 month (US) $185.00 (US) $225.00subscription

*******

For a complete listing of materials including product descriptions visit: www.isaca.org/cisabooks

Additional resources to assist in studying for the exam visit: www.isaca.org/examprep

CGEIT STUDY MATERIALS

ISACA Members Non-Members

CGEIT Review Manual 2015 (US) $85.00 (US) $115.00

CGEIT Review Questions, Answers & (US) $40.00 (US) $60.00Explanations Manual 2015

CGEIT Review Questions, Answers & (US) $40.00 (US) $60.00Explanations Manual 2015 Supplement

For detailed descriptions of the available study materials as well as information on preparing for the CGEIT exam visit:

www.isaca.org/cgeitbooks

www.isaca.org/cgeitprep

www.isaca.org/cgeitreferences

CRISC STUDY MATERIALS

ISACA Members Non-Members

CRISC Review Manual 2015 (US) $85.00 (US) $115.00

CRISC Review Questions, Answers & (US) $60.00 (US) $80.00Explanations Manual 2015

CRISC Review Questions, Answers & (US) $40.00 (US) $60.00Explanations Manual 2015 Supplement

CRISC Practice questions database 12 month (US) $185.00 (US) $225.00subscription

For detailed descriptions visit www.isaca.org/criscbooks

Additional information on exam preparation available at: www.isaca.org/criscprep

CISM STUDY MATERIALS

ISACA Members Non-Members

CISM Review Manual 2015 (US) $85.00 (US) $115.00

CISM Review Questions, Answers & (US) $70.00 (US) $90.00Explanations Manual 2015

CISM Review Questions, Answers & (US) $40.00 (US) $60.00Explanations Manual 2015 Supplement

CISM Practice Question Database 12 month (US)$120.00 (US) $160.00subscription

For detailed descriptions visit www.isaca.org/cismbooks

Additional information on exam preparation available at: www.isaca.org/cismprep

STUDY SESSIONS

• The ISACA Canberra Chapter puts on free study sessions for ISACA members. These are done by volunteers and you will be contacted shortly after enrolment closes.

• Sydney Chapter 2 Day Boot Camp for each exam – discount for ISACA members

• CISA Online Learning http://www.isaca.org/Education/Training/exam-review-courses/Pages/CISA-Online-Review-Course.aspx

$US100 per module or $US250 for all 5 modules

ONLINE COMMUNITIES

• CISAhttp://www.isaca.org/Groups/Professional-English/cisa-exam-study-community-2013

• CISMhttp://www.isaca.org/Groups/Professional-English/cism-exam-study-community-2013

• CRISChttp://www.isaca.org/Groups/Professional-English/crisc-exam-study-community-2013

• CGEIThttp://www.isaca.org/Groups/Professional-English/cgeit-exam-study-community-2013

WHAT HAPPENS AFTER YOU PASS

To become certified and enjoy the benefits of certification, one must earn the required job

experience and submit an application within 5 years of exam passage.

Applications for Certification is available at:

www.isaca.org/CISAapp

www.isaca.org/CGEITapp

www.isaca.org/CRISCapp

www.isaca.org/CISMapp

General information:

• Complete and submit application with the requisite experience.

• Application requires the work experience to be verified. A Verification of Work Experience form is included in the application

• When applying for certification, there is a US $50 application fee.

• Abide by the ISACA Code of Professional Ethics (www.isaca.org/ethics)

• Instructions for completion of form are included in links above.

• Until an application is received and approved, candidates are not CISA certified and cannot use the designation. Candidates have 5 years from the passing date to apply for certification. After the 5 year period the exam score is voided.

CONTINUING PROFESSIONAL EDUCATION (CPE) POLICY DETAILS

CONTINUING PROFESSIONAL EDUCATION (CPE) REQUIREMENTS

1. Once certified, the certification must be renewed annually. Maintaining the certification requires:

• Earning and reporting an annual minimum of 20 hours of continuing professional education

• Earning and reporting a minimum of 120 hours of continuing education for each fixed three-year period (each 3-year cycle)

• Paying the annual certification maintenance fee

• Responding to and submitting required documentation of continuing education activities if selected for an annual audit

• Comply with the ISACA Code of Professional Ethics (www.isaca.org/ethics)

ISACA membership provides many CPE opportunities which can assist you with meeting this requirement. For more details visit www.isaca.org/cpe.

CPE policy for each certification available at: www.isaca.org/CPE

FREE CPE FOR MEMBERS

Webinars and Virtual Conferences — CPE quizzes are for members

only.

up to 36 free CPEs per year

Canberra Chapter Professional Updates up to 10 CPEs per year

Journal quizzes: Earn one CPE for each of six journals per year—

members only.

6 free CPEs per year

Serving as an ISACA Volunteer:

Participate on an ISACA or ITGI board, committee, task force or as an

officer of an ISACA chapter, and gain one CPE credit (up to 20 per

year) for each hour of active participation. (Consult Qualifying

Educational Activities for CISA, CISM, CGEIT and CRISC members.)

www.isaca.org/participate

20 free CPEs per year

Mentoring:

Earn one CPE for each hour of mentoring efforts directly related to

coaching, reviewing or assisting an individual with

CISA/CISM/CGEIT/CRISC exam preparation or providing career

guidance through the credentialing process.

10 free CPEs per year

TOTAL Possible FREE CPEs for ISACA Certified Members: 82 free CPEs per year

ISACA CODE OF PROFESSIONAL ETHICS

ISACA sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the association and/or its certification holders. Failure to comply with this Code of Professional Ethics can result in an investigation into a member's or certification holder's conduct and, ultimately, in disciplinary measures.

Members and ISACA certification holders shall:

1. Support the implementation of, and encourage compliance with, appropriate standards and procedures for the effective governance and management of enterprise information systems and technology, including: audit, control, security and risk management.

2. Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards.

3. Serve in the interest of stakeholders in a lawful manner, while maintaining high standards of conduct and character, and not discrediting their profession or the Association.

www.isaca.org/ethics

ISACA CODE OF PROFESSIONAL ETHICS(CONTINUED)

Members and ISACA certification holders shall:

4. Maintain the privacy and confidentiality of information obtained in the course of their activities unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.

5. Maintain competency in their respective fields and agree to undertake only those activities they can reasonably expect to complete with the necessary skills, knowledge and competence.

6. Inform appropriate parties of the results of work performed including the disclosure of all significant facts known to them that, if not disclosed, may distort the reporting of the results.

7. Support the professional education of stakeholders in enhancing their understanding of the governance and management of enterprise information systems and technology, including: audit, control, security and risk management.

www.isaca.org/ethics

WANT TO KNOW MORE?

Please contact us at:

ISACA Canberra Chapter

GPO Box 535

Canberra ACT 2601

Email ISACACanberraPresident@outlook.com (please email if you want a copy of these slides)

Web site: www.isaca.org/canberra

ISACA International

3701 Algonquin Road

Suite 1010

Rolling Meadows, IL 60008 USA

Phone: +1.847.660.5660

Fax: +1.847.253.1443

Email: certification@isaca.org exam@isaca.org

Web site: www.isaca.org www.isaca.org/certification