At the end of 2020, I decided to take the Certified Information Systems Auditor (CISA) exam. This was the next logical step in my career, as I had been practicing IT auditing for a while after spending several years in IT strategy consulting.
I chose to take the CISA exam without any specific training course. I studied for a few months but only a couple of hours weekly, with a few more intense days a couple of weeks before my exam date. I found this approach to be more flexible for me.
What to study for the CISA
For my CISA preparation, I used two very helpful resources:
- The CISA Review Manual eBook
First thing’s first: read the book. It’s long, very detailed and not the page-turner you read on the beach this summer; however, it gave me an excellent overview of the scope of the certification and the notions involved.
I used the eBook version, which could be more user-friendly for some, but if I had to re-do it, I would take the printed book option, which would have been handier for me to write/highlight words and bookmark pages.
- The CISA Questions, Answers & Explanations Database
The CISA Questions, Answers & Explanations Database—12 Month Subscription is a comprehensive 1,000-question pool of items that contains the questions from the CISA Questions, Answers & Explanations Manual, 12th Edition. The database is available via ISACA PERFORM, a web-based learning platform, allowing CISA candidates to log in at home, at work or anywhere they have internet connectivity.
As a very disciplined student, I answered all the questions on the platform at least once, and I spent even more time on the ones I struggled with. You can do it anywhere—on your way to work or while sitting on the bus, for example! Because of the COVID period, I preferred to do it in the bath—what’s more relaxing than IT governance?
Preparing for the CISA exam
I also took two full mock exams the day before the exam. The platform is very well done, user-friendly and clear, and it shows you how well you are prepared for each chapter. You can do several types of specific sessions. For example, there is one section with only questions you answered wrong the first time. I was sometimes a bit confused by the explanation for each answer, as I didn’t quite understand why the right answer was the correct one, but globally I was very satisfied with the quality of the database.
For the topics that came back often (vocabulary on types of audit testing, sampling, governance structure, etc.), I took some notes on those kinds of “typical” questions, adding some details found in the CISA eBook. I wanted to be prepped for those recurring questions so that they would become the easy ones during the exam that I could answer without any hesitation.
Then came the exam: I answered all the questions I was sure of and left the other ones for later. Then I answered the remaining ones by eliminating the answers one by one and trusting my instinct when I couldn’t choose between two answers.
Retrospectively, more than being prepared, the key to success for me was that I was feeling prepared, which I can explain through three components:
- I was comfortable enough with the technical terms of IT audit, even with the notions I did not really use on a daily basis.
- I gained a good sense of what the best answers for CISA are. This is a question of mindset. Sometimes two answers seem really right. For those, I used my “CISA filter” and asked myself, “If I were a writer of this CISA question, what would I want the candidate to answer?”
- I have been working in an IT company environment for about six years, managing IT projects, defining IT strategy or auditing IT departments of different customers—big ones, smaller ones, local and international. So I knew I could trust my professional instinct.
Due to technical issues with the online exam platform and because I was on maternity leave the week after, I had to take the exam during the night while I was nine months pregnant (fortunately, it was remote). But somehow those conditions seemed to help my efficiency: my biggest wish was to go to sleep, and if I didn’t pass, I knew I would have had to wait for several months to take it again. During the exam, I took my time (as you really should) and re-read each question several times, and even then, I did not use the entire four hours.
I won’t lie, my greatest achievement in 2021 is my amazing daughter, but being the CISA top scorer for the year was the cherry on the cake!
