CISA and CISM: Internationally Recognized for Future Success
Attaining the right certification has become especially important now that Sarbanes-Oxley in the United States and increased scrutiny worldwide have focused attention on enterprise finances and the IT processes that support financial system control and reporting. In fact, the recent “IT Governance Global Status Report” from the IT Governance Institute (ITGI) found that more than 93 percent of global CEOs and executives surveyed recognize that information technology is vital to deliver the organization’s strategy. The role of IT has become so important, according to the report, that 58 percent of respondents regularly have IT on their organization’s board agenda.
These changes in the business environment make finding the best-qualified professionals critically important. Internationally respected certifications provide employers with one way to determine if someone is the right person for the job. According to David Foote, president and chief research officer for Foote Partners, an IT workforce research firm and management consultancy, “Many IT and business line managers interviewed in recent research support the notion that certification is a more meaningful measure of comparing IT workers than untested or self-reported skills competence.”
Among the most sought-after certifications are two offered by the Information Systems Audit and Control Association (ISACA), the global leader in information governance, security and assurance. The Certified Information Systems Auditor (CISA) and the Certified Information Security Manager (CISM) have been cited as leading certifications for information professionals.
According to surveys by Foote Partners LLC, IT professionals holding the CISA certification earned the largest gains in premium bonus pay among the 56 certifications surveyed during 2002 and 2003. With a 25 percent increase in 2003 and a 38 percent increase over 2002 and 2003, the CISA certification experienced “the biggest increase for all certifications surveyed.” This increase is especially significant since the report found that premium pay for all certifications declined by 5.6 percent during 2003.
A 2003 survey of CISA-certified ISACA members revealed that the majority (67 percent) believed that obtaining the certification helped advance their careers. When all respondents, CISA or not, were asked if they thought gaining the CISA would help their careers in the future, 71 percent of responses were positive.
“Earning the CISA designation demonstrates attainment of a highly regarded qualification and commitment to stay current in a fast-changing technological world. It brings with it recognition and positive reputation for certified professionals worldwide in the IS audit and control field,” said Ria Lucas, chair of the CISA Certification Board. “We have found that employers around the world prefer to hire and retain those who achieve and maintain the CISA designation.”
First offered in 1978, the CISA program has measured excellence in the area of IS auditing, control and security. Today, the CISA certification has been earned by more than 35,000 professionals since its inception, and more than 14,000 individuals registered for the 2004 exam.
Part of the reason behind CISA’s success is that earning a CISA goes far beyond just taking the exam. The CISA certification requires candidates to:
- Successfully complete the CISA examination, which is offered in 11 languages and administered at more than 220 locations around the world.
- Submit evidence of at least five years of professional experience in IS auditing, control or security.
- Follow the Code of Professional Ethics to guide professional and personal conduct.
- Attend continuing professional education.
- Adhere to the Information Systems Auditing Standards adopted by ISACA.
Responding to the need for a higher-level information security credential that goes beyond the practitioner level, ISACA developed the CISM credential in 2002. CISM has rapidly earned a spot among the top certifications and was among 10 new programs that Certification Magazine said “…represent innovative topics or subject focus, certify interesting and useful skill and knowledge or represent ways to involve IT professionals early in programs that require years of documented work experience.”
Offered for senior professionals who manage an organization’s information security and possess the knowledge and experience to implement and direct an IT security structure that manages risk effectively, the CISM designation is for managers who understand and support the closely linked relationship between business strategy and security.
Businesses today face increasingly complex security threats, and the CISM designation provides assurance to senior executives and boards of directors that their information security managers have the expertise to reduce risks and protect the organization. Professionals and their companies have responded positively to the CISM certification. In less than two years, more than 5,000 professionals have been certified, and the CISM exam saw a 160 percent increase in registrations during its second year.
To earn a CISM designation, candidates must:
- Successfully complete the CISM examination, which is administered at more than 220 locations around the world.
- Adhere to the Code of Professional Ethics.
- Attend continuing professional education.
- Submit verified evidence of at least five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice areas. Waivers for general information security work experience are available, if certain education or certification requirements are met.
The CISA and CISM certifications have gained the importance they now enjoy in part due to ISACA’s unique position in the industry. The organization first got its start in 1967, when a small group of individuals with similar jobs–auditing controls in the computer systems that were becoming increasingly important to the operations of their organizations–met to discuss the need for a centralized source of information and guidance in the field. When the group formalized in 1969, it became the EDP Auditors Association. In 1976, the group formed an education foundation to conduct large-scale research, expanding its knowledge and value to the field of IT governance and control. The group also set the IS audit and control standards practiced by professionals worldwide.
Now known as ISACA, the organization has more than 35,000 members who live and work in more than 100 countries. Members cover a variety of IT and business-related positions. They represent all levels of the profession, from newcomers to veteran IT pros in senior positions. ISACA members work in nearly all industry categories, including financial, banking, public accounting, government, the public sector, utilities and manufacturing. This diversity enables members to learn from one another, exchange ideas and challenge the status quo.
With chapters in more than 60 countries, the organization’s vibrant chapter network provides education, resource sharing, advocacy and networking.
There is no doubt that certification will continue to be an increasingly important facet of any professional’s career, and ISACA’s CISA and CISM are among the most valued and internationally respected credentials available.
Registration is already underway for the next CISA and CISM exams, which will be held June 11, 2005. Bulletins of information for each certification can be obtained via ISACA’s Web site (www.isaca.org/certification) in a downloadable format or requested from the certification department.