Please ensure Javascript is enabled for purposes of website accessibility

Credentials for Accountants: Certified Information Systems Auditor

Need help deciding what you want to be when you grow up? Check out the rest of our posts on credentials for accountants.

If you’re really into internal audits and information systems, want to make decent money and never want to worry about having to find a job, you may want to look into the CISA.


Education Requirements
None that we know of, beyond what you’d need to secure a job in the field to gain required professional experience.

Professional Requirements
CISA candidates must have 5 years of relevant experience in IS auditing, control or security work and adhere to the IASCA Code of Professional Ethics. Experience must be obtained in the 10 years before taking the exam.

CISA Exam
The exam is administered twice a year (June and December) and candidates must register no less than two months before the exam date. The exam is made up of 200 multiple choice questions that must be answered within 4 hours. The score is graded from 200 – 800 points and a CISA candidate must score at least 450 points to pass. It covers the following areas:

IS Audit Process (10%)
IT Governance (15%)
Systems and Infrastructure Lifecycle Management (16% of Exam)
IT Service Delivery and Support (14%)
Business Continuity and Disaster Recovery (14%)

The Information Systems Audit and Control Association (ISACA) sets the standards of and administers the CISA examination.

Compensation
PayScale has some interesting figures on compensation for those with the CISA and we have to say, it’s one of the more lucrative credentials we’ve covered thus far. Interestingly, GT pays its CISAs far better than P-Dubs.

Deloitte $59,942 – $86,500
Ernst & Young $60,737 – $90,757
KPMG $70,736 – $111,331
PricewaterhouseCoopers $58,448 – $97,657
Grant Thornton $56,500 – $143,400

IS Auditors make between $60,047 – $82,842 while IS Audit Managers can make up to $108,226. The money is good if you’re willing to put in the hours and pass a little more than half of the exam.

Adrienne Gonzalez is the founder of Jr. Deputy Accountant, a former CPA wrangler and a Going Concern contributor. You can see more of her posts here.

Job of the Day: BlackRock Needs an IT Internal Audit Manager

BlackRock is looking for an experienced auditor who has is familiar with testing of SAS 70 and Sarbanes-Oxley technology controls.

The position requires 9 years experience with Big 4 firm and professional certifications (e.g. CPA, CISA). The position also requires approximately 20% travel.

Check out the details for this position, based in New York, after the jump.


Company: BlackRock

Title: IT Internal Audit Manager

Location: New York, NY

Experience Required: 9 years

Description: The candidate will supervise one to two staff and will work closely with other internal auditors in executing the global integrated internal audit plan. The candidate will report to the Director of Internal Audit IT, who reports to the Global Head of Internal Audit. BlackRock’s internal audit group is comprised of approximately 40 professionals based principally in New York, San Francisco and London, with additional personnel in Edinburgh, Tokyo and Hong Kong.

Responsibilities: More than 9 years experience in the fields of information technology audit, information security and technology risk management; Strong experience auditing operating systems, databases, networks, and technology operations; Experience working within a risk based internal audit function executing audit planning, fieldwork and report writing; A good understanding of information technology, technology risks and emerging technologies; A good understanding of information technology best practice disciplines and frameworks such as CoBIT, ITIL and COSO; Experience managing small teams of skilled professionals and building strong trusted relationships with senior IT and business management.

Qualifications: Experience of auditing Unix, Linux, Sybase, Oracle, MSSQL and Windows; Experience working in a global financial services firm, and a good understanding of the asset management industry and regulatory environment; A “Big 4” background and experience of SAS70 and SOX technology controls testing; Experience working in a non-audit role such as information security or technology operations; Professional certifications such as: CPA, CISA, CISM, CISSP, GSNA, CGEIT, CRISC; Additional technical knowledge, e.g. attack and penetration techniques, security configuration audit tools and techniques, development tools and languages, data modeling and data management techniques.

See the entire description over at the GC Career Center and visit the main page for all your job search needs.