CISA BATTLECARD

Elevator Pitch: Description:

CISA®—Certified Information Systems Auditor is designed for those who audit, control, monitor and CISA is the globally recognized gold standard for IS audit,
assess an enterprise’s information technology and business systems. CISAs are recognized control, and assurance, in demand and valued by leading
internationally as professionals with the assurance knowledge, skills, experience and credibility global brands. It’s often a mandatory qualification for
necessary to leverage standards, manage vulnerabilities, ensure compliance, offer solutions, validate employment as an IT auditor. CISA professionals offer the
controls and deliver value to the enterprise. The increased dependence on technology and information credibility to leverage standards, manage vulnerabilities,
ensures that CISA certification-holders will continue to be in demand for assurance and security ensure compliance, offer solutions, institute controls and
functions. deliver value to organizations.

Features: Target Audience:

• CISA covers 5 practice domain areas: Process of Auditing Information Systems; Governance and Designed for mid-career IS audit, control and assurance
Management of IT; Information Systems Acquisition, Development and Implementation; professionals looking to leverage career growth including:
Information Systems Operations, Maintenance and Service Management; Protection of • IT Audit Directors/Managers/Consultants
Information Assets • IT Auditors
• CISAs identify and assess IT risk and ensuring compliance with IT-related regulations • Compliance/Risk/Privacy Directors
• CISAs review processes, procedures and controls to ensure that IT systems in place will mitigate • IT Directors/Managers/Consultants
IT risk, i.e., no unauthorized people have access to their systems
• CISAs assess vulnerabilities, report on compliance and validate and enhance controls will
Differentiators:
ultimately improve organization’s image
The CISA certification was first offered in 1978, and has
been earned by over 164,000 IT audit, security and control
Benefits: professionals. Over 96,000 currently hold it, with an
• Reduce risk: CISAs provide assurance that the organization’s IT and business systems are average annual renewal of 94% and an average annual
effectively monitored, managed and protected. salary of $132K. Often a mandatory requirement for an
• Create a common language: CISAs serve as trusted business advisors by assuring that the information system auditor.
necessary leadership and organizational structures and processes are in placed to achieve
business objectives and support the enterprise’s strategy.
• Drive business successes: Regulators and clients look for a CISA designation and many
businesses and government agencies require it.
• Be prepared: Research has shown that businesses lose up to 5% of their annual revenue to fraud
and irregularities. This reality is prompting leadership to hire CISAs to implement preventive
controls and provide assurance on information security and risk management.
 Pain Points:
C I S A BATTLECARD • Denial of service, ransomware, phishing, spam, zero-day attacks and other threats
are becoming rampant, causing extensive losses to individuals and businesses
• Board doesn’t understand complexity and implications of compliance (Source: ACA
Risk and Compliance Conference, 2020)
Industry Trends: • Organizations not properly assessing risk in each department (Source: ACA Risk and
Compliance Conference, 2020)
• 52% of CISAs say their expertise is more sought after within their
• The IT skills gap is increasing and many IT security positions are unfilled
organization and 45% have implemented efficiencies (Source: Cert Mag
Salary Survey, 2018)
• 87% say rapid shift to work from home increased risk of data privacy Objection Handing:
and protection issues (Source: ISACA COVID-19 Study, April 2020) Q: Why should I get a CISA certification?
• Security complexity and cloud migration increased the average cost of A: Getting a CISA certification shows that you are serious about working as an
a data breach by $292K (Source: IBM Security Cost of a Data Breach, 2020) IT auditor & and dedicated to a career in the industry.
Q: Is a CISA certification necessary?
Competitive Landscape: A: Regulators and organizations look for a CISA designation; many businesses and
• Certified Internal Auditor (CIA) – IIA and the IPPF Standard (more government agencies require it.
general audit focused as opposed to specific to IT Audit)
• Certified Information Technology Professional(CITP) – AICPA (is a Testimonials:
more generalized less focused certification and requires a CPA “CAEs and IT Audit Directors are much more inclined to hire the professional with the
designation) CISA. It is fair to say that at this point in time, not having the certification can be a
• CompTIA and ISC2 also offer competitive products but they are more significant barrier.”
focused on information security, not audit. – Caitlin McGaw, President and Chief Recruiting Officer, Candor McGaw Inc.

CPEs: Awards and Recognition:

• To maintain your CISA, you must earn and report a minimum of 120 • Named among the 10 highest paying certifications of 2020, PC magazine
CPE hours every 3-year reporting cycle and at least 20 hours annually. • One of the “11 Hottest Cybersecurity Certifications in 2020 by CRN
• CISA awards up to 1 hour of CPE for every 1 hour of instructor led • Ranked among the top fifteen highest-paying IT certifications based on the Global
training. Knowledge 2020 IT Skills and Salary Report
• Earn 28 CPEs for online CISA review course • CISA was ranked as the most popular cyber certification in all regions outside
• [Link] North America in Global Knowledge’s 2019 IT Skills and Salary Report

ISACA connects you to what’s next

Connecting more than 165,000 professionals in over 180 countries, ISACA® is a global leader in certification, training and
education. We provide knowledge, standards, networking and career development for information systems audit, control,
security, cybersecurity, risk, privacy and governance professionals. We advance and validate business-critical skills and
knowledge through our globally respected CISA and other certifications.

® 2021 ISACA. All Rights Reserved.