Many of us ask ourselves: “How can I differentiate myself from others in the workplace? I have plenty of drive and ambition to improve my professional skills – what can I do to demonstrate this to employers?”

Increasingly, for many, the answer is professional certifications. The Certified Public Accountant (CPA) exam and associated credential were created in 1917. Since then, mostly within the past several decades, professional certifications have flourished. One can earn certifications in just about any professional field.

As the explosive growth of our reliance on information systems continues, in all aspects of our personal and professional lives, we all need to be able to place reasonable trust in these systems. This creates an increasing demand for competent professionals to review information systems, identify areas for improved security and quality, and make cost-effective recommendations for improvement.

This is where the Certified Information Systems Auditor (CISA) certification comes in. In the realm of technology, including all the associated risks and controls, there are a variety of well-respected certifications. The holders of these certifications have demonstrated their dedication to and achievement within their profession. The CISA has historically been one of the top-paying and most respected certifications. Many employers, including some government agencies, will not consider hiring someone to perform audits of information systems and technology unless that person is a CISA.

CISA is a globally recognized certification within the fields of technology audit, control and security. Of the many available technology-related certifications, CISA is the gold standard. It was created in 1978 by a non-profit organization known at the time as the EDP Auditors Association – now ISACA.

The CISA certification is ANSI-accredited and recognized globally. It has been earned by more than 129,000 professionals since inception. The exam is offered globally at computer-based testing centers.

ISACA offers a wealth of resources that candidates can use to prepare for this challenging exam, both through ISACA HQ and through exceptional review courses offered by local ISACA chapters.

After passing the exam, in order to become certified, candidates are required to provide evidence of at least five years of professional IS audit experience. Related work experience and higher education programs can provide credit against the five-year requirement. Candidates must also comply with the ISACA Code of Professional Ethics and adhere to ISACA’s auditing standards.

After obtaining the CISA, certification-holders must complete a minimum of 20 hours of training per year and a total of 120 hours in a three-year period to retain the certification.

The efforts are well worthwhile. CISA certification can be a career game-changer – now more than ever.

Being a CISA has certainly made a difference in my career. I was fresh out of IT, having spent 12 years doing everything you could possibly do in the data center, 24 hours a day, and wanted something else. I “stumbled” across something that would allow me to utilize my IT background without having people calling me in the middle of the night because the system crashed. One of the first things my new manager told me to do was “go take this EDPAA review course and pass the CISA exam.” The what course and exam?

I passed the exam after much hard work, and went on to better jobs, higher income and professional recognition. It also led me to try my hand at teaching. I volunteered to teach some sessions in our Chicago chapter’s CISA review course. That was more than 20 years ago. Not only have I been teaching CISA review ever since, the teaching experience I acquired enabled me to join the staff of Elmhurst College as an adjunct faculty member. I am now in my ninth year at the college, teaching accounting and technology courses. Recently, I have been asked to develop and present a course in IT auditing at a major university in Chicago.

None of this would have been possible without my CISA. Being a CISA will open doors for you that you may not presently envision.

Editor’s note: An ISACA webinar, “How to Prepare for and Pass the Certified Information Systems Auditor (CISA) Examination,” will be offered 14 March. To find out more, visit

Ken Schmidt, CISA, CISSP, CIA, CPA, Consultant with R&M Consulting

[ISACA Now Blog]

By Philip Hung Cao

Philip Hung Cao (aka #tekfarmer), MSCS, ZTX-I, CCISO, CISM, CCSP, CCSK, CASP, GICSP, PCNSE is a Strategist, Advisor, Contributor, Educator and Motivator. He has 20 years' experience in the IT/Cybersecurity industry in various sectors & positions.
