Here is a collection of CISA exam prep tips I gathered from successful exam takers around the world. This is the first post in a two-part series, focusing on how you can study efficiently for the exam.
In the simplest terms, core IT auditing concepts can be summarized in 4 words: risks, security, control and audit, as they relate to the information system.
To expand on what this means, candidates are expected to understand:
In the actual exam, you may be asked to rank risks as highest or lowest. In terms of security and controls, you may be required to pick the best or least effective controls. An IS audit question may require your judgment on concepts, practical procedures or presenting findings to management.
You can then try out the self-analysis on the ISACA website. This helps to estimate the level of your existing knowledge in the context of the exam, and to identify gaps that you need to work on.
Depending on how much you already know, you can start drafting your study plan. The duration depends on the amount of material you need to go through and the number of study hours per week.
The more experience you have with audit practice, the easier it is for you to integrate the new content with your existing knowledge.
(i) Seasoned IT auditing professionals
You probably only need a month to prepare. Start by skimming through the CISA book and getting familiar with the terms used by ISACA. Then, focus on practice questions and a mock exam.
(ii) Candidates with some audit or IT experience
You may need around 3 months for exam preparation. If you are an auditor, get the technology perspective; if you are an IT professional, get the audit perspective. Then, read the book and spend sufficient time on practice questions.
(iii) Candidates with neither audit nor IT experience
Studying may take up to 6 months. There are reference books listed at the bottom of this page if you need background information on IT auditing.
It is better if you can get both the official CISA Review Manual for core studying, and one of the supplementary books for further explanation on the concepts. The ISACA Questions Database is a must for lots of practice.
The CISA Exam Questions can be broadly categorized into:
There may be a few questions on core technologies, such as encryption, EDI, internet security and telecommunications control. You are, however, not required to study specific technology platforms, such as SAP, Oracle and SQL.
As you go through the practice questions, learn how ISACA asks the questions. First, read the questions very carefully – quickly but word by word. They can be quite wordy, tricky and sometimes even appear subjective.
Most tricky questions have at least one choice as the “distractor”. People fall into the trap if they don’t read the question carefully, are not clear on the concepts, or rely on “gut feeling” when answering questions.
Therefore, for each question, you should:
When checking the answers, it is best to read the explanations for both the correct and the wrong answers. You will then know you got them right for the right reason.
For the wrong ones, evaluate based on the following:
Rework the wrong ones until you get 100% correct, and for the right reason.
You need to memorize the fundamental concepts, but it is more important to understand how they can be applied.
Keep practicing until you are reasonably comfortable with your performance. It is also important to allow time for at least one mock exam, so you can answer the questions in a more stressful (and realistic) testing environment. You can also practice time management, which is one of the most important test-taking strategies.
This part focuses on how you can maximize your score on the exam day:
One way to reduce exam-related stress is to remove as many uncertainties as you can. Going through a mock exam is one good example. Test-driving the route to the exam site to estimate the travel time, and preparing a list of what to bring on exam day, can also be very helpful.
There are 200 questions to be answered in four hours. This means that you have ~70 seconds per question. You may answer some quickly while needing much longer for others. Therefore, you must track the time periodically.
My suggestion is to allow 1 hour for every 50 questions. Depending on how fast or slow you progress, you can slow down or speed up accordingly.
Also, the questions do not appear in the sequence of the domains, so don’t waste time figuring out which domain a question belongs to.
Many candidates have the knowledge required to pass the CISA exam, but about half fail. Your knowledge, and probably more importantly your ability to pick the correct answer, is the key to success.
For the purpose of the exam, answer questions the “ISACA way”. Don’t answer questions based on your personal experience unless it is in line with ISACA thinking.
If you are not sure of an answer, circle the question, then pick your best guess and move on.
Do not leave it blank because (i) you may not have time to go back; (ii) the exam is positively graded, which means it is better to guess blindly than to leave it blank.
Given this is a pencil-and-paper exam, it is important to check that you don’t skip any questions.
Sleep early and tell yourself you are ready!
I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.