CISA FAQs:Advice & Guidance - The FAQ Project Page 1 of 12

CISA FAQs:Advice & Guidance


From The FAQ Project

CONVERSATIONS VOICES AND VALUABLE ADVICE

Over the years thousands have taken the CISA® exam and been certified. These
professionals are available on various mailing lists, forums and in person to provide
guidance and mentoring assistance to CISA® aspirants. The most active resource is the
CISA Group on Yahoo! and you must sign up asap. Once you have signed up, read the
archives and you will gain valuable insights which will help you in your efforts to gain
the CISA® certification.

Contents
■ 1 Strategy and Approach .. Personal experiences of CISA exam pass-outs
■ 1.1 Conversations ... valuable advice
■ 1.2 What was your approach in studying for the exam
■ 1.3 Certification Application - step by step in detail
■ 1.4 Experience info for Certification
■ 1.5 CPE's
■ 2 Copies of CRM and Exam Questions ... A BIG NO NO
■ 2.1 Requesting and sharing the ISACA CRM
■ 2.2 Discussions about Exam questions
■ 3 What resources are available for preparation
■ 3.1 Insight into approach to the Exam
■ 4 Are there any classes which I can attend
■ 4.1 CISA® Review Classes held by most ISACA Chapters
■ 4.2 Online and offline courses offered by some identified vendors
■ 4.3 What are study groups
■ 4.3.1 Where can I find a study group
■ 5 Study materials, books the CRM.... etc
■ 5.1 Purchase dilemma at the ISACA Bookstore
■ 5.2 Books, Study Materials guidance and guides !
■ 5.2.1 Books and the ISACA Manual
■ 5.2.2 Can I start my own study group or do I need permission

http://www.securians.com/wiki/FAQs/index.php?title=CISA_FAQs:Advic... 12/03/2011

■ 5.3 Does ISACA prescribe any official study materials
■ 5.4 What is the CRM
■ 5.5 Which are the best books
■ 5.6 I want to practice so where can I get questions from previous CISA exams
■ 5.7 Can someone please share their study materials with me
■ 5.8 Is there a list of vendors who provide study materials
■ 5.9 Any online courses which help prepare for the exam
■ 6 What about support groups
■ 6.1 Searching for CISA® aspirants
■ 6.2 Are there any online groups which I can join for help
■ 6.3 What assistance can I expect in these groups
■ 6.4 Does ISACA have an official support system
■ 7 Misc Info and Voices
■ 7.1 Immigration to Australia and CISA®

Strategy and Approach .. Personal experiences of CISA exam pass-outs

Conversations ... valuable advice

Click above or here... to read the various snippets of communications between peers
wanting to know about the certification and those willingly extending information and
advice.

What was your approach in studying for the exam


Would you be able to provide those of us who are preparing for the exam any
insight as to what steps you utilized (study approach) and what tools or materials
you used to prepare for the exam.

There are a lot of commercial test prep materials (books, software, classes) available for the CISA exam in addi
the books offered by ISACA and review courses offered by ISACA chapters.

Approach that can be used


1. Don't stress yourself too much by thinking over giving the exam
2. Prepare a time bound plan and make sure that you follow it (discipline is another characteristic of a winner )
3. The best resource is available on ISACA website, take that membership and reap the benefits.
4. There is a question answer CD that ISACA provides for about 200 dollars get it.
5. Start with the review manual
6. Study one chapter and attempt all the questions related to that chapter.
7. Analyze your score and keep studying the chapter and giving exam till you reach a score of say 90 %.
8. Then it is time to move on to the next chapter.
9. For things or terminologies that you don't understand, search it on Google and the ISACA website.
This is a tried and tested method and has a 95 % success rate.

Nimesh has provided great insight.


My addition to this - when using the CISA question bank at the first instance do not worry about right or wrong
- just mark any option, and read the explanations.

This provides you with the reasoning for right or wrong and gives you the knowledge about the incorrect options,
correct options (which you may mark) and the correct options. So you get to learn much more about the why's and t
dont's. Go through all the 500 or 600 questions you have and then come back and do your practice tests after a w
As you will read the explanations for the questions / answers and relate them to your reading and to your experi
find there is a lot which you missed and this will help you a lot.

... makes some great points, but if you are using the ISACA CD-ROM course I would not 'mark any option'
you do not have any prior knowledge. The new ISACA course utilizes a diagnostic tool to adjust your studying to
learning needs. If you 'guess' a question and happen to be correct, you will slightly distort the accuracy of t
diagnostics. The more questions you "guess" correctly, the more you impact the diagnostics. If you are viewing
have no knowledge of the material being asked, you can select the "Mark Wrong and Guess" feature in the questio
you to guess at the question without risking any distortion of the diagnostic scoring. Then you can make use of
provided to each question.

...will take the December exam and just read the CRM and finished the questions in
the CD. My rate is about 62% correct, way below the 75% required to pass the
exam. Would you guys shed some light on how well you did on those questions when
preparing for the exam?

> Try to hit at least 90% by exam time. Although the CRM alone will not be enough to pass the exam.
> Also read some of the articles on the CD-ROM and ISACA website

I found the questions on "the CISA prep Guide" are very difficult. I wonder if it's
worthwhile to try the questions on this book? I also tried the CRM CD, only got
50% in some chapters.

> I try the sample questions on CD and always get 50%. I do think it is helpful to practice using CRM question o
> to familiar with the question format, especially it helps me learning how to use auditor view to answer the qu

Certification Application - step by step in detail


How to Apply for CISA Certificate (Courtesy Mukesh Pandya, Feb 8, 2008)
This is a walkthrough of the process of filling in the application for Certification.
Mukesh's email address is not published here, and you can reach him on the CISA
mailing list too. Please note [1] no email addresses are published on these pages
(except for suggestions etc) [2] no changes here, except for some formatting and [3]
in the message cover = envelope <smile>

After Passing CISA the first task is to apply for CISA. I have tried to explain the procedure in simple steps.
a. Visit http://www.isaca.org/cisaapp
b. Now look for these lines
For those who took the exam in 2006 or later:
Download Application (PDF, 93K) or request an application from the Certification Department
i Download the form.
ii Downloaded form is also attached with this mail
c. Now read the page marked as below :-
Application for CISA Certification
Requirements to Become a Certified Information Systems Auditor
- This page contains all the requirements to become CISA.
1 The first and foremost condition is passing CISA Exam, which you have already done.
2 Second condition is Experience of 5 years.
- There are some relaxations in experience for some specific experience / qualifications.
Some of them are as under :-
• Max 1 Year of Exp. with One Year of IS Audit OR IS Security OR IS Control.
Plus
• Max 1 years for Degrees like BA, B Com, B Sc etc.
OR
• Max 2 years for 4 Year Degrees like BE, B Tech.
OR
• Max 1 Year for a Degree in IS Security (like PRISM Program of Mumbai or IS Program of ICFAI)
Plus
• Max 1 year for Min. 2 Years full time teaching in IS Security at University.
Now count how many of experience you require ?
This experience must be in related fields as we studied in CISA Exam.
3. Third Condition is to abide by ISACA Code of Professional Ethics.
4. Fourth Condition is to abide by IS Standards by ISACA.
5. Fifth Condition is CPE
(will be required after becoming CISA - we shall discuss this in detail in a separate email)
d. Now Go to Page Marked as Under
Application for CISA Certification
Instructions for Completion of Forms
1. Read these instructions before completing the form.
2. Now go to page 1 of the form.
. Here give names and addresses of 3 persons who will certify your experience.
These may be your seniors or ex-employer(s). These people will be contacted / called to confirm you
2.1 Now go to page 2
. Fill in the details related to work experience.
. Tick against areas (domain) we studied in CRM.
. Now go to part B and claim experience waivers.
. Complete all details on page 2.
2.2 Now go to page 3.
. Take print-out or make 3 copies.
. Give one copy each to the persons from whom you are receiving the references.
. These certificates must be kept in separate covers but may be sent with the same big cover in which y
are sending the CISA Application.
e. Now put these 3 covers in one big cover
- Also put the application form in big cover.
- Send this cover to ISACA at the address :-
Certification Coordinator
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008-3124 USA
f. You will receive your certification confirmation via email.
Hope this will help you in claiming your CISA Certificate.
Please note that ISACA is strict in verification and any wrong information may lead to rejection/cancellation of
- Mukesh Pandya, CISA
Disclaimer : The steps are indicative and not exhaustive. Please read the CISA Application for Certification pub
ISACA as a standard document. This is a work by Mukesh Pandya just to help the members of CISA-Study Group.

Experience info for Certification


....Can a person (who have passed CISA exams) be a CISA certified after gaining 5
year experience in any one of: IS security, BCP or system implementation domains,
or does he need to allocate these five years appropriately among the three domains.
(I have seen ISACA site, I am having impression that 5 years experience in any one
domain would serve the purpose; kindly correct me if I am wrong)

You only need five years of experience in audit or Infosec, no matter which domains are covered.

CPE's
Can someone please point me at a list of what activities (apart of course from
ISACA sponsored events) are allowable for CPEs for ISACA/CISA.
For example, the ISC2 describes the activities and criteria here:
https://www.isc2.org/cgi-bin/cissp_content.cgi?page=89 Is there a similar page on
the ISACA web site?

Quizzes in the Journal.


http://www.isaca.org/Content/NavigationMenu/Assurance/CISA_Certification/Requirements/Requirements_for_CISA_Cert

Note: There is much more ... Check the CISA Continuing Education Policy
(http://www.isaca.org/Template.cfm?
Section=CISA_Certification&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=28&C
on the ISACA website.

Copies of CRM and Exam Questions ... A BIG NO NO


Requesting and sharing the ISACA CRM

Can anyone tell me where i can get the copy of CISA Technical Manual and CD in
Mumbai (Xerox copy) ? Or the members who are preparing for CISA 2004 and who can
share the study material or order CISA material altogether (in group).

Unauthorized reproduction of ISACA Publications including CISA Manual and CISA Review Questions may amount to vi
copyrights. This may lead to prosecution of the offenders under Copyrights Act (as applicable to India or elsewh
Further any CISA candidate doing this would be violating the ISACA Code of Ethics.
I think the minimum requirement for any professional is conforming to ethical standards of conduct. This would i
short-cut methods or trying to get the certification by hook or by crook.

Have you read the Code of Ethics? Auditors by definition should be respected and trusted members of the communit
infringement doesn't add much respect to you.

Note: This is by far the most active request on the group whenever a new batch starts
preparing (or deciding) to sit for the exam. And warnings are given every time, and a
code of conduct document is also circulated. Please stay away from such requests and
remain clean - it's ethical and the expected course of action. You are going to spend on
the exam, so this is a bit more and you will easily cover the amount in your next
appraisal, or your company will reimburse you.

I am preparing for CISA 2004. But I don't have the CISA Manual 2004. Also, I have
the Q & A 2002 CD with me. Do you have the CISA manual 2004. I would like to
share it with you. Also, anybody willing to share notes/CD do mail me.

To the best of my knowledge, the 2002 Q&A CD is licensed for a single user/CPU. If you are planning to use this
for a CISA study group, it might be advisable for you to contact ISACA to determine their policies on "sharing" t

Discussions about Exam questions


I want to remind everyone to refrain from citing or discussing specific questions in
this forum. Those of us who have taken CISA/CISM certification exams signed a
non-disclosure: one of the terms we agreed to is that we would not discuss specific
exam questions with other people.

- ISACA has a process for disputing specific questions. If you have an issue with one or more questions, please t
them at certification@isaca.org
- Postings to this group that cite specific questions are subject to removal.
- Persons who post questions that cite specific questions are subject to being moderated (i.e. postings must be a
or removed.

Then again... CISAs are not allowed to discuss exam questions, which means questions that they responded when th
CISA exam. We can discuss practice "public-available" questions to help others prepare for the test.

If not, why does ISACA sell a CD with several practice questions?

Note: As mentioned elsewhere in this FAQ the CD may or may not contain questions
from previous exams. Besides, these questions are NOT for publication or use and they
are provided to you under copyrights which are owned by ISACA. So again, please read
the copyright notice which came along with the CD and then decide which section you
don't agree to or want to violate, and do it at your own risk. The risk of revocation of
your designation and a lawsuit?

What resources are available for preparation


You can get books and practice tests from ISACA. Then there are numerous books and
elearning resources which are available for purchase and download via the internet. You
can join a study group in your neighborhood or your town or you can join an online study
group! Then there are the ISACA chapters worldwide where there is no dearth of willing
professionals to help and mentor you.

Insight into approach to the Exam

Are there any classes which I can attend


CISA® Review Classes held by most ISACA Chapters

CISA® Review Classes are usually conducted by all ISACA Chapters. Check with
the ISACA Chapter in your city. You can also register for the online classes
conducted by ISACA.

Online and offline courses offered by some identified vendors

ISACA offers an online course. Will identify other vendors and update this
resource.

What are study groups


Informal groups where two or more candidates decide to study together. This is a
great way to study and each supports the other. Find out the candidates in your city /
town / neighborhood and hook up to form a study group.

Where can I find a study group

Well the best place is at the Review class in your city. You will find other
candidates like yourself who are also looking for study partners. You can also post a
message on the mailing list. Maybe I shall start a project to provide a platform for
people to connect together and form study groups.

Study materials, books the CRM.... etc


Purchase dilemma at the ISACA Bookstore
What's the difference in both? What's the catch here?

CISA Practice Question Database v8 English Edition (web site download) v1 $160.00
CISA Practice Question Database v8 English Edition (CD-ROM) $160.00

I should get 1 of them right? Which one?

None? One CD Copy and one Web Download...


They are both the same course. One is shipped to you via CD, one is downloaded from a server.
If you are based outside the US the download option allows you to get the course without waiting on shipping or h
to pay for international delivery or customs. Since the CD version that ISACA sells has a security feature that
only allows the course to be installed one time (no more sharing one copy for everyone in the Chapter), the down
version is a good option if you want to study immediately.

Books, Study Materials guidance and guides !


I am preparing for CISA exam, please let me know some good books to prepare for
the exam.

Please help us be guided like what are the most efficient resources and
approaches.

What are the best study guides on the exam?

Use ISACA as a reference and find other books worth reading...ISACA manual is very dry and a pain to read...just
You can start googling CISA books then read the review...there are a lot of good books there..
I have 3 CISA prep books to support the ISACA manual...plus the question database of 2006...
Try CISA Cram 2 by Allen Keele, easier read. I got a used copy on Amazon for less than $20.

Voices

ISACA has published good study material for CISA Exam. The details are available at http://www.isaca.org/booksto

Please note that CISA Review Manual (CRM) is NOT available in PDF Format. Please avoid emails for PDF version of

However CISA Question Bank is available in CD / Download Version. But I suggest you to go for printed version be
the examination is paper based so study with printed material will help you more.

There are some other material / books are also available, details of which can be found on CISA-Study Group's Ho
http://tech.groups.yahoo.com/group/CISA-Study/files/ However, I will strongly suggest you to stick to CRM only.

Books and the ISACA Manual

Can anyone tell me the book name and author for CISA preparation. The ISACA
manual is really very dry.

From my research and communication with other CISAs the best study resources are:
1. 2007 CISA CD database from ISACA website.
2. The 2007 CISA Study Manual from the ISACA website.
3. The CISA Study Guide by David Cannon - Sybex Pub.
Here's the link to CISA Review Manual 2004 and Review Questions 2003 and 2004, -- official publications of ISACA
CISA® Books (http://www.isaca.org/cisabooks)
I do not know what's the best study material but SRV's (www.srvbooks.com)study material helped at least me to pa
the CISA- exam (though rather long time ago).
In addition Micromash (www.micromash.net) is selling a CISA online review course.

Note: the responses may mention CRM 2004 or an earlier year, so obviously this is a
response from someone in that year. The questions remain the same, and so do the
responses. The link given above takes you to the ISACA Bookstore and you will get the
latest version of the CRM! Remember, these responses are reproduced here verbatim.

What's the difference between CISA Review Manual and CISA Prep Guide? Which
one is more accessible and more easy to read? Are any differences between them?
Which one is better to study for the exam?

The CISA prep guide isn't the best-written book on CISA or security auditing in general. You should get the CRM 2
the December exam to get most comprehensive material for the exam. Also get the 650 Qs CD set if you can afford

I've got the CRM from 2004, I don't have the 2500 yet. It's better to learn from the
CRM instead of Prep Guide? I can't afford 650 Q&A. :(

Basic difference is that the manual is official.... issued by ISACA. Prep guides are prepared by various publish
The best combination would be Manual + CD (containing about 1000 odd questions) + Ron Weber's Text book

Can I start my own study group or do I need permission

Of course you can start your own study group. And no you do not need to ask for
permission from anyone. These are informal groups and candidates support each
other in their efforts.

Does ISACA prescribe any official study materials


No there are no “prescribed” books – you are free to make your choice of study
materials. The ISACA bookstore offers a number of study materials - the CISA®
Review Manual (CRM) is highly recommended. You can also purchase practice
tests or purchase the online course. Please note that ISACA does not restrict you to
their publications, nor does it term any of these publications as 'official'
courseware.

What is the CRM


The CRM is the CISA® Review Manual and it is published by ISACA specifically
addressing the requirements of the CISA® examination. It covers all the Job
Practice Areas and provides information about the knowledge areas. It is the best study
material available for the examination, and is always relevant.

Which are the best books


CRM from ISACA, Shon Harris are the most sought after books to prepare for the
exam. Of course there are many books on the individual subjects relating to Risk
Management, Project Management etc. and you are free to study them and add to
your knowledge for the exam.

I want to practice so where can I get questions from previous CISA exams

You can purchase the practice tests online from the ISACA bookstore. These
questions are copyrighted and you will not get them anyplace else. Any company
etc which offers online practice tests will have developed their own questions
whereas the ISACA database uses questions from previous examinations.

Can someone please share their study materials with me


Sharing a book among friends is okay and you are not violating any copyright
restrictions. Please be careful not to copy, distribute, rent etc.

Is there a list of vendors who provide study materials


Coming!

Any online courses which help prepare for the exam


ISACA has an online offer and as I identify others, I shall put the names / links
online. Put up a query on the CISA forum and you will surely get a lot of names.

What about support groups


Searching for CISA® aspirants
Is some one from the group preparing CISA May'08 and staying in Delhi.

You will be able to find people through the ISACA Chapter in your city.
Why don't you post on the CISA Mailing List on Yahoo! too.

Are there any online groups which I can join for help
Yes the CISA® forum on Yahoo! Groups. Then there is the CISA® group on
Facebook and Orkut. The various ISACA Chapters, many other locations (both
physical and virtual). I run the Toronto Information Security Meetup and CISA®
professionals are welcome to join.

What assistance can I expect in these groups


Mentoring and any type of assistance about the exam.

Does ISACA have an official support system


There are forums on the ISACA website where you will find support!

Misc Info and Voices


> You will receive a letter from ISACA confirming your registration. The exam candidate card will be mailed to y

Immigration to Australia and CISA®


The CISA and CISM certifications have been recognized by the A.C.S (Australian
Computer Society) as equivalent to an Australian Qualifications Framework (AQF)
diploma for the purposes of skills assessment for immigration. The AQF is a unified
system of national qualifications in schools, vocational education and training
(TAFEs and private providers) and the higher education sector (mainly universities).

ACS, the recognized association for information and communications technology professionals, provides advice on s
recognition for prospective migrants to Australia. Under the agreement between the ACS and the Department of Imm
Citizenship, those seeking to migrate to Australia as an IT professional must complete an assessment through the
lodging a migration application.

Retrieved from "http://www.securians.com/wiki/FAQs/index.php?title=CISA_FAQs:Advice_%26_Guidance"
