CISA and CISM Are Strong Certifications

Share this content

A study has found that the Certified Information Systems Auditor® (CISA®) and Certified Information Systems Manager® (CISM®) are notable certifications sought out by companies and hiring individuals. Foote Partners LLC published their study in their quarterly “IT Insider Compensation Benchmarks and Employment Trends.” The study's results were obtained by directly interviewing 45,000 North American and European IT workers in 1,860 private and public sector organizations.

David Foote, president and chief research officer of Foote Partners said in a prepared statement, “IT decision makers have lately become somewhat less inclined to play the offshoring or outsourcing card when under pressure. They're looking instead for ways to keep go-to “A-team” players from jumping ship and, according to our research findings, that is showing up in premium skills pay increases that are being paid in base pay adjustments or straight cash bonuses and sometimes both.”

More than 40,000 information governance, control, security, and audit professionals have earned the CISA certification since it was started in 1978 according to the Information Systems Audit and Control Association (ISACA). The ISACA also sponsors these certification program. Those IT management professionals earning their CISM certifications exceeded 5,000 within the first two years of the certification's inception. Some careers pursued by those certified include IS auditors, consultants, educators, security professionals, regulators, internal auditors, and CIOs. CISA and CISM certifications are preferred thoughout their industry.

Recently, both the CISA and CISM certifications received ANSI accreditation under ISO/IEC 17024:2003, General Requirements for Bodies Operating Certification Systems of Persons. This standard specifies the requirements for organizations certifying individuals against explicit requirements. The accreditation is based on an international standard but implemented for recognition in the United States and internationally by other countries that have agreements with ANSI.

A minimum of five years of work experience in professional information systems auditing, control, or security is required for CISA certification. Substitutions and waivers may be considered for alternate experience. Experince must occur within the ten-year period preceding the applcation date. You also have five years from the date of your initial passing of the examination to complete your work experience requirement. After certification, you must complete 20 hours of approved Continuing Professional Education (CPE) and pay maintenance fees annually. A minimum of 120 contact CPE hours is also required within a three-year period.

The CISM certification is for those pursuing information security management careers. Five years of work experience in information management positions is required to become a CISM although a passing score on the examination is valid for five years only if the required work experience has not been obtained. Strict work experience substitutions are also considered. The same CPE requirements apply to both CISA and CISMs.

The ISACA is the primary organization for IS professionals pursuing audit and control careers. The group started in 1967 and incorporated as the EDP Auditors Association in 1969. Their membership has reached more than 47,000 worldwide with 170 chapters in over 60 countries. The standards that have been developed by the ISACA are recognized and used internationally.

You can find more information on the ISACA on their organization web site,

About admin


Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.