  1. Junior Member
    Join Date
    Sep 2017

    Financial auditor - Passed CISA

    Hi everyone,

    I see a whole bunch of posts out there by people with Infosec experience switching over to audit but very few threads for people currently in external financial statement audit taking on CISA. Thought I would share some of my experience and fill the void.

    Background: Accounting grad, been in public practice for 4 years specializing in public sector financial audits. Work for one of the national big 6 firms (in other words, not big 4). Qualified CPA, currently an audit senior. 0 experience in infosec, although I got A+ and Network+ (I still remember the OSI model!!) for fun back when I was a high school student and worked at a local computer store.

    Approach: Purchased an official book, Sybex book, the all-in-one book and database. I got the Sybex book first, book was hard to read, there were a lot of things he said that I disagreed with audit wise and his tone was condescending which I really hated. My second book was the AIO, this one was way better and I actually read up to chapter 3 before I called it quits... too boring. Finally, I caved and bought the official book (thank god work paid for all of it), this one I ended up skimming as I only had a month to study by this point. About a week before the exam, I started tackling the database, I did about 200 questions a day for 6 days in a row and by the end I was averaging 60~70% and 30s/question. Took 2 days off and on the day before the exam, I registered the Sybex book and took one of the practice exams (199 questions) and got 70%. I figured this is good enough; besides, there wasn't much I could do with just 10 hours before the exam.

    Exam: Exam was very similar to the database and the Sybex practice exam. No memorization required, most questions can be answered based on common sense and knowing how ISACA likes to test you. 0 technical questions like Firewall implementation or PKI... Overall, I thought the exam was too easy. I feel bad for the really technical guys as the technical topics are not tested at all. I finished the exam in a little over an hour and another hour mulling over the ones I wasn't sure about.

    Advice to financial auditors: If you know how to audit... you can pass this exam. This is essentially an audit exam with a slight IT spin. I recommend skipping the third-party books, get the official one, skim chapter 3, 4 and 5. Practice taking those questions and learn to look out for those bolded key words in the questions: "FIRST, MOSTLY, BEST... etc." Finally, don't get hung up over the technical details, chances are, you will miss one or two questions per technical topic. Who cares, when the pass mark is so low and there are so many questions.

    Hope this helps and let me know if you have questions.

  2. Junior Member
    Join Date
    Aug 2017
    South Africa

    CISA ®
    Nicely done. Congratulations