
Monday, March 9, 2009


This is the continuation from part 3 of IT Governance in CISA. It further explains the structure required from management for effective IT governance.

Tuesday, October 28, 2008

CISA IT Governance Part 1 no. 3

This is a continuation from Part 2, where we again talk about IT Governance, the organization, and how key personnel from an organization can make up and support the IT governance team. Watch the video for more details:

Wednesday, August 13, 2008


In this second part of IT Governance in the CISA preparation video:

We talk about how IT governance needs to be aligned with enterprise business goals so as to deliver IT value to the business.

CIAA stands for Confidentiality, Integrity, Availability and Authentication. This is what IT governance should be looking out for in business processes, to increase value while maintaining compliance and security at the same time.


Sunday, May 18, 2008


In this video, we talk about how IT governance can bring value to the business.

Click on the video to learn more:


Saturday, May 3, 2008

Cisa Audit Process_Part2_no3_Last

Hi Friends,

In the last video we talked about using CAATs (Computer Assisted Auditing Tools) to automate the audit process. We covered Cisco Security Device Manager, Microsoft Baseline Security Analyzer and Great Plains software. In this video we look further into other auditing methodologies, so click to view:


Sunday, April 20, 2008

Tips for Passing The CISA exam

Jay, ISACA CISA Certified
Objective of CISA Exam
The CISA Exam consists of 200 questions from 7 domains, as detailed in the Candidates Guide to the CISA Exam. The CISA Exam tests the minimum level of competence for conducting Information Systems Audit.
Understanding of IT
CISA Candidates are expected to have working knowledge of Information Technology. The basic understanding of Information Technology should cover key concepts of the various components of Information Technology in their practical deployment. The IT knowledge should encompass an overall understanding of IT Infrastructure, IT Facilities, various types of computer hardware, Systems Software (Operating System, Database, Networking, Multimedia, etc.), Business Application software, Office Automation software and Audit software. Further, candidates are expected to know the concepts and practice of Management as relevant to IT deployment in enterprises.
CRM – only theoretical training
The CISA Review Technical Information Manual (CRM) is not meant for teaching the fundamental concepts of Information Technology; IT components are explained only to the extent required. The Candidates Guide to the CISA Exam provides the broad range of topics covered, and the CRM provides the details of the concepts and practice of IS Audit as per the IS Auditors' Tasks and Knowledge requirements. Candidates are advised to use the CRM as the basic guide for learning and to use additional material as required, based on their assessment of gaps and individual competency areas.
IT – Practical Training
Candidates who are not well conversant with IT are advised to do a practical course on IT covering hardware, systems software, office automation, business applications and audit software.
Getting CISA Perspective – practical approach
The overall understanding of a CISA candidate is expected to cover the related domains as per the objectives, tasks and knowledge statements given in the Candidates Guide to the CISA Exam. Primarily it encompasses three major disciplines: Information Technology, Management and Auditing. CISA candidates may follow the approach below to get the perspective of a CISA:
• Obtain overall understanding of Information Technology – concepts and practice
• Understand the Risks of deployment of relevant IT Component
• Know the features and functionalities of Security and controls of IT Component
• Understand how controls could be implemented using the security features and functionalities so as to mitigate the risks in the relevant IT Component
• Learn how to identify the risks, review the related security, evaluate the implemented controls and identify areas of weaknesses.

Conceptual Clarity
CISA Candidates need to have conceptual clarity in the following key areas:
• The inherent risks of implementing Information Technology
• The appropriate risk management strategy for mitigating these risks
• The security and controls which need to be implemented for risk mitigation
Practical Tips for CISA Exam
Exam details

1. The exam is objective (multiple-choice). The answer is available among the choices. Hence, the approach to studies should not be from the perspective of remembering but from the perspective of understanding.

2. The CISA Exam Questions could be broadly categorized into 2 categories:
• Based on Facts – technology, auditing standards
• Based on Analysis – context and decision oriented

3. There are 200 questions to be answered in four hours. This means approx. 70 seconds per question. Some of the questions may be answerable within 30 seconds and some may take more time. Further, if you get lost in too much thinking, you may lose track of time and may not have time to answer all the questions. Hence, it is essential to manage your time in slots of one hour or blocks of 50 questions. Depending on your progress, you can increase or decrease the pace as required.

4. As there is no negative marking, you must answer all questions. Even for questions where you are not sure of the right answer, you may guess intelligently.

5. Do not attempt to read through the question paper fully. You may lose time and may not have time to answer all the questions. The ideal method is to take up one question at a time and answer them one by one.

6. You may decide on which order you want to answer the questions. Some tend to start from question no. 50 or 100 as it gives them confidence they are progressing and come back. However, the ideal approach is to answer sequentially one at a time.

7. There may be questions for which you are not able to arrive at the right answer straight away. You may skip them, but mark them in the question paper so that they are identifiable and come back to them later. However, the best approach is to take a DECISION and answer it then and there. You may not have time to come back to the question again. Further, there may always be a lurking feeling that you have left some questions unanswered, which will stay at the back of your mind. If you do have to change an answer, please ensure that you erase the previous answer carefully and fully.

8. Please do not plan on coming back to your answers for corrections later on. You may change an answer if and only if you have additional insights or data which show that your previous answer was incorrect.

9. If you have to modify your answers for any reason, please ensure that you erase the previous choice properly so that there is no trace of the marking; otherwise it may be construed as multiple marking and your answer ignored for valuation.

10. You need to compartmentalize your mind and take one question at a time. Think and decide on the right answer. Once you have answered, forget it and go ahead and tackle the next one and so on. Don’t carry your doubts of the previous question to the next.

11. You may mark the answers in your question paper and transfer it periodically or mark your answer for every question directly in the answer sheet.

12. Get the fundamentals very clearly. Read the IS Auditing standards and guidelines and COBIT Control objectives to get the thinking of an IS Auditor. Put on the cap of the global IS Auditor. Don’t bring in your personal experience and answer questions from your past data unless it is in line with ISACA’s thinking. The questions will not be technology specific or industry specific. Hence, don’t think what is practiced in your technology platform or industry as the most relevant or applicable. It may not be.

13. Take one question at a time. Read it fully and carefully. Identify the stem, the key concept that is being tested, and underline it. Read all the choices even if you think you have the right answer in the first, second or third choice.

14. You may encounter some questions which are familiar to you, which you have answered in the CISA review manual or in the test questions. Don't be prejudiced by your past answers. Read the question fully, understand it, look at the choices and then answer. The question may have been rephrased or re-worded and may have a different answer from what you have seen in the tests, or the choices may be re-arranged or rephrased.

15. When two of the choices are similar, pick the one which is more macro and bigger in nature. Remember the context of the situation as given in the question; the available choices have to be considered in that context to arrive at the best choice.

16. You may be able to identify the right answer straight away. You may also adopt the process of elimination, ruling out the apparently incorrect choices one by one so as to narrow down your choices and pick the right one.

17. Every question will have one of the choices framed as a distracter. The distracter may attract those with incomplete knowledge or those attempting to answer the question with just common sense. It is essential to be able to eliminate the distracter.

18. You will probably need all of the four hours to answer 200 questions. Hence, it is essential that you practice sitting in one place and answering mock tests, so that you get used to sitting for four to five hours at a stretch.

19. Your concentration level may come down after an hour or so. It is important that you take a little break by having a sip of water and looking away from the question paper, and regain your concentration before you start answering again. Take a few deep breaths, stretch yourself if required and then get back to the task. Consistent concentration is important.

20. If you have any medical problems which hinder your sitting for a long stretch of time, or you need regular medication, inform the proctor in advance and take the necessary precautions.

21. Don’t stress yourself physically before or during the exam. You need to be fully relaxed so as to have maximum concentration. Avoid last minute reading and late night reading before the exam day. It may not really help.

22. The questions and choices are straightforward and simple. They are meant to test your understanding of the concepts and practice of IS Audit. They are not meant to test your grammar or proficiency in English. Hence, do not try to analyse the questions and answers too much. Don't try to read between the lines and find hidden meaning. There may not be any.

23. The pass % is normally about 55% globally and varies from centre to centre. However, passing the exam is primarily dependent on your ability to concentrate during the exam and pick the right choice. Our analysis reveals that most of the students who fail tend to get around 70%, which means that another 5 to 10 questions answered correctly would have got them through. Hence, it is very important that you are able to devote proper time to each question and concentrate throughout the exam.

24. The exam consists of one paper, which has all 200 questions. The questions are not in a particular order of domains or chapters but are usually mixed up at random. It is not worthwhile trying to figure out to which domain a question belongs. What is most important is how well you are able to answer the questions in the exam.

25. Practice the questions and get the reasoning and choice correctly. Remember, the exam is not expected to test your memory but your understanding. Hence, there is no need to cram any definitions or concepts except the most fundamental ones and that too for understanding.

26. Don't sit up late the day before the exam trying to read and catch up on lost time. Remember the principle of farming: you need to sow in time and take care on a regular basis so as to reap in time. Last minute preparations may result in lack of concentration on the exam day.

27. The questions are not directly picked up from any text book or reading material but are prepared by practicing CISAs and are aimed at testing your understanding of the concepts and practice of IS Audit.

28. Practice, practice and practice the questions available to you. But remember, the standard of the questions in the exam is much higher than what you have practiced. Be mentally prepared. If you have conceptual clarity and apply your thinking as an IS Auditor, you should be able to pick the right answer.

29. The exam is based on percentile. The lowest score among all the candidates is converted to the 25th percentile and the highest score is converted to the 99th percentile. Your raw score is then converted accordingly to a percentile. Hence, the number of questions you have to get right to reach the 75th percentile depends on the overall performance of all the candidates. However, it is preferable not to worry too much about the percentile but to focus on getting the maximum number of questions right.

30. Ensure that you are marking the answers exactly. Cross-check regularly to ensure this. You have to be extra careful if you have skipped any questions to be answered later: make sure you also skip the answer row for that question, so that your later answers do not shift by one. You may use a ruler to ensure you are marking the required choice for the appropriate question.

31. As part of preparation, do discuss the questions and answers with an open mind. If you are an auditor, get the technology perspective, and if you are from IT, get the audit perspective. Remember, as an IS Auditor you are expected to be auditing technology as deployed in the organization.

32. The key ideas to be remembered as an IS Auditor are IS Risks, IS Security, IS Control and IS Audit. You need to be well versed in these concepts. The questions may require you to grade the risks in terms of highest or lowest. In terms of security and controls, you may be required to pick the best or least effective control in the context of the question. An IS Audit question may require your judgement in terms of concepts, practical procedures, risk ranking or presenting the findings to management. There may be a few questions which test your understanding of core technology, for example encryption, EDI, Internet security, telecommunications control, etc.

33. Familiarize yourself with the test. Know the tasks, knowledge and scope of the subject, the type of questions and proposed answers.

34. The Exam is not Technology or platform specific. Hence, do not get too engrossed with technology details and reading of technology.

35. Make a time plan of what you need to read and prioritize. Deal with unread materials concisely. Formulate a reading strategy in advance with a time table and study plan.

36. Form a small study group or e-group for studies and discussions. Review your preparation actively, alone and also with the group, on a regular basis. Review and discuss your logic and reasoning with the group and get other perspectives as well.

37. Prepare yourself emotionally and physically to take the exam.

38. Take your family and friends into confidence so that you are able to sacrifice your social commitments and focus on the exam.

39. Motivation is an important aspect of preparation for the exam. Motivation will help you concentrate and be focused on the task at hand. Self-motivation is the best motivation. Remember, you are taking a prestigious and globally recognized exam, which will make a significant difference to your career, earnings and self-esteem.

40. Visualize receiving the congratulations letter from ISACA and the CISA Certification. See yourself being congratulated by your peers and colleagues.

Exam Venue

41. Visit the venue in advance before the exam and know the route, the parking facility and the exact place of the exam. Reach the venue half an hour before the scheduled time so that you are not running to the venue in a hurry. Arrive before time and use the time for relaxing.

42. Carry your identification cards, admission ticket, 3-4 sharpened pencils, 2-3 erasers and a water bottle. Don't carry any books. You will not get time to read, and it is not worthwhile trying to read at the last minute. Remember, the questions don't test your memory but are more a test of your judgemental ability as an IS Auditor.

43. The admission ticket is expected to be received by the candidate 2-3 weeks before the exam. It is sent both by email and by post. You can bring a printout of the email copy to the exam if you don't receive the hard copy by post. If you don't receive either, you may contact the chapter office to confirm that your name is in the candidates list. The chapter gets a copy of the list of all candidates writing the exam at the test centre, and is authorized to identify candidates who have not received the admission ticket. Hence, please don't panic if you don't receive the admission ticket; contact the chapter president or the CISA Coordinator of your test centre, who will have the complete list of candidates taking the exam at that test centre.

44. The proctor will start reading the instructions for the exam 30 minutes before the exam time. You are expected to be in the hall before the proctor commences reading the instructions. The proctor may not allow you inside once the instructions have started.

45. The instructions relate to signing forms and filling in your registration particulars. Clarify any doubts you have about the procedures. Follow the proctor's instructions carefully and write down the details as instructed. You can use pen or pencil for writing the registration no. and other details. However, answers are to be marked only in pencil.

46. The proctor will not answer any questions pertaining to the questions or answers.

47. You can go out of the exam hall for answering nature's call with the permission of the proctor. You have to hand over your question and answer papers before going out of the hall and collect them back on your return.

48. No additional papers or sheets will be provided. You may use the question paper or its back side for making any rough notes. It is advisable not to make any notes or markings on the answer sheet except for marking the circles for the chosen answers.

49. The CISA Exam is a closed exam, which means neither the question paper nor the answer papers are released. You are not expected to discuss the questions or answers with anyone.

50. After completing the exam, leave the venue silently. Don’t discuss your answers with the other candidates to confirm the answers. You may only get confused.

We are glad that you read through these tips. While hoping they will be useful to you in passing the CISA Exam, please note that we do not provide any assurance of your success. We don't claim that all the tips will be relevant and useful; you may pick up whatever you deem useful. Your success in the CISA Exam depends on YOU: your preparation and your performance on the exam day. Your success also depends on the overall performance of all the candidates. You may consider the above as friendly tips from those who have written and passed the CISA Exam themselves and who have interacted with CISA Exam candidates over the last five years.
Wish you success in the CISA Exam.
Author can be contacted at Jay,

Sunday, April 13, 2008

Cisa Audit process part 2 no 3

Cisa Audit process part2_no3. It covers CAATs, computer assisted auditing techniques.