Philip Cao


Why You Shouldn’t Study for Certification Exams



People often ask me about the best way to prepare for a successful CISA, CISM, CGEIT or CRISC examination. They are usually surprised to hear my advice: Do not study for the exam at all—study for the knowledge!

In my opinion, what sets ISACA’s certifications apart from many other credentials on the market is that ISACA exams actually test your professional experience and not your exam cramming skills. Many exam items are mini scenarios that require you to apply your knowledge to typical issues arising in your daily work. You will hardly find any items that are definitional.

I recommend adapting your study strategy and following a long-term learning approach. As you do so, try to avoid the subjectivity that comes from the idiosyncrasies of your own organisation. Companies, both large and small, tend to become blind to the shortcomings in their methods and processes. And, particularly within SMEs, the number of staff in information security, risk management, IT audit or governance with whom to share insights is often limited.

To avoid these pitfalls, implement some means for acquiring and exchanging knowledge in your professional life. For example:

  • Follow your professional colleagues on social media sites such as Twitter or LinkedIn. Look at who they follow to identify the thought leaders within your domain.
  • Read or contribute articles for blogs and periodicals, e.g. the ISACA Journal or ISACA Now blog.
  • Follow a massive open online course (MOOC). Many universities offer free online courses and classes.
  • Visit professional conferences or seminars as a delegate or speaker. There are events for every budget, and speakers are often invited for free. Use the occasion to network with peers from other organisations or industry sectors.
  • Join or found a professional community. Meet with other colleagues from your region or vertical. This is also a good opportunity to receive hints from successful exam takers or find peers who are also preparing for the exam.
  • Volunteer at ISACA or another association. See who has an active chapter in your geographic area.

In addition to the tips above, regularly review for the exam using ISACA's study materials, including the review manual and the review questions. Keep in mind that the review manuals do not comprise a complete body of knowledge. Relate your studying to the job practice areas (specifically the task and knowledge statements), which provide the basis for the exam. Identify your weak spots and adapt the focus of your studying if necessary.

Once you are well prepared, register for the exam. During the exam, if you are unsure of the right answer, take a business perspective on the question. Ask yourself, ‘If this was my organisation, how would I like the issue to be solved?’

This approach to learning will not only help you to become certified, but will also benefit your professional skills in general. As a side note, it also allows you to easily and almost automatically earn your CPE hours and maintain your certification.

IT Compliance Manager, Group Information Security Officer at Jungheinrich AG, Germany



Copyright © 2006-2022 Philip Hung Cao. All rights reserved