Audit Sistem

Informasi
 ASI

SIM Auditing 2

SIA Auditing 1
Penilaian UTS & UAS
Text Book
 CISA Job Placement Areas
●
Domain 1—IS Audit Process (14%)
●
Domain 2—IT Governance (14%)
●
Domain 3—Information Systems Acquisition,
Development, And Implementation (19%)
●
Domain 4—Information Systems Operations,
Maintenance And Support (23%)
●
Domain 5—Protection Of Information Assets (30%)
●
Domain 6—Business Continuity and Disaster Recovery
(14%)
 Successful completion of the CISA
Examination

The examination is open to all individuals who have an interest in information

systems audit, control and security. All are encouraged to work toward and take
the examination.

Successful examination candidates will be sent all information required to apply

for certification with their notification of a passing score.

For a more detailed description of the exam see CISA Certification Job Practice.
Also, CISA Exam Preparation resources are available through the association
and many chapters host CISA Exam Review Courses (contact your local
chapter).
 Submit an Application for CISA
Certification
Once a CISA candidate has passed the CISA certification
exam and has met the work experience requirements,
the final step is to complete and submit a CISA
Application for Certification.

A minimum of 5 years of professional information

systems auditing, control or security work experience (as
described in the CISA job practice areas) is required for
certification.
 Substitutions and waivers of such experience, to a
maximum of 3 years, may be obtained as follows:
●
A maximum of 1 year of information systems experience OR 1 year of non-IS
auditing experience can be substituted for 1 year of experience.
●
60 to 120 completed university semester credit hours (the equivalent of an 2-year or
4-year degree) not limited by the 10-year preceding restriction, can be substituted
for 1 or 2 years, respectively, of experience.
●
A bachelor's or master's degree from a university that enforces the ISACA-
sponsored Model Curricula can be substituted for 1 year of experience. To view a list
of these schools, please visit www.isaca.org/modeluniversities. This option cannot
be used if 3 years of experience substitution and educational waiver have already
been claimed.
●
A master's degree in information security or information technology from an
accredited university can be substituted for 1 year of experience.
●
Exception: 2 years as a full-time university instructor in a related field (e.g.,
computer science, accounting, information systems auditing) can be substituted for
1 year of experience.
 Adherence to the Code of
Professional Ethics
●
Maintain an individual's competency by requiring the update of existing
knowledge and skills in the areas of information systems auditing, control
or security.
●
Provide a means to differentiate between qualified CISAs and those who
have not met the requirements for continuation of their certification
●
Provide a mechanism for monitoring information systems audit, control
and security professionals' maintenance of their competency
●
Aid top management in developing sound information systems audit,
control and security functions by providing criteria for personnel selection
and development
●
Maintenance fees and a minimum of 20 contact hours of CPE are
required annually. In addition, a minimum of 120 contact hours is required
during a fixed 3-year period.
 Compliance with the Information
Systems Auditing Standards
●
Individuals holding the CISA designation agree
to adhere to the Information Systems Auditing
Standards as adopted by ISACA.
●
Please note that decisions on applications are
not final as there is an appeal process for
certification application denials. Inquiries
regarding denials of certification can be sent to
certification@isaca.org.
 Understanding the Demand for
IS Audits
●
Executive Misconduct
●
More Regulation Ahead
●
Basic Regulatory Objective
●
Governance Is Leadership
●
Audit Results Indicate the Truth
 Understanding Professional Ethics
●
Following the ISACA Code
●
Preventing Ethical Conflicts
 Differentiating Between Auditor
and Auditee Roles
●
Auditor : The auditor is the competent person
performing the audit.
●
Auditee : The organization and people being audited
are collectively called the auditee
●
Applying an Independence Test
– Are you auditing something you helped to develop?
– Are you free of any conflicts, circumstances, or attitudes
toward the auditee that might affect the audit outcome?
– Did you receive any gifts of value or special favors?
Audit Sistem
Informasi