CISA: Certified Information Systems Auditor: Study Guide [With CD-ROM]

I am not associated with this author or any of the competing publishers. This is my honest review to fellow CISA aspirants... CISA exam is very unique in that you cannot pass it just by 'remembering' questions and answers. You need to get the concepts. And thats where this book comes into picture. This book does not attempt to saddle you into 'thinking the way ISACA wants you to think', this book makes a bold attempt to present the concepts in a lucid manner and lets the reader gain confidence about the subject matter. With this book I was able to get the concepts clear in my mind. Combine that with some experience and a little bit of common sense and that became my recipe for clearing the CISA. I will happily refer this book to anyone aspiring to clear the CISA.

I purchased this book in March 2008 to prepare for the CISA exam in June 2008. I thought the book was quite helpful in explaining concepts. The material is very structured and it is a useful tool for preparing for the CISA exam. I used this book, one other book, and the ISACA CD (review questions) and passed the exam on my first attempt in June 2008. (I also had the ISACA official review guide/book and found that too comprehensive and dry to study from for more than short periods of time.) I do recommend this book to others looking to prepare for the CISA exam.

This book was excellent in helping simplify the terms. The author used real life examples and I think this was one of the reasons I was able to pass the CISA this time. Well worth the money. The guide was very easy to read.

This team from CertTest Training really hit the bull's eye for the much needed comprehensive study guide for information systems auditors. This guide is very unique because it bridges the gap for two of our primary groups of entrants to the information systems auditing arena. For a traditional auditor, this book translates the risk/control disciplines, traditional to audits, to the information technology environment. A typical auditor can identify with the controls without being an average IT savvy person. For the nuts-and-bolts techie, the guide helps reengineer your thinking process to control awareness and identification. The guide has eight chapters. Chapters 2 through 8 cover the syllabus for the CISA exam. Below is a brief overview of my evaluation of each chapter. Chapter 1: Secrets of a Successful Auditor This chapter is a must read for all existing or wanna-be systems auditors. It provides an overview of the IS audit standards in simple terms for almost any audience, gives an overview of professional requirements, skill sets, the auditing environment and some project management. The tone is this chapter is very motivating and encouraging. For IS auditors like us, it tells our life story, for a wanna-be, this is a recruitment effort. This chapter characterizes the authors' combined years of experience. It is a good appetizer. Chapter 2: Audit Process Armed with the knowledge of the secrets of a successful auditor in chapter 1, I was ready to delve into the main course. Chapter 2 welcomes you with a flow diagram of the audit process and provides step by step explanation of risk-based audits and how to plan and conduct audits using applicable standards, guidelines and best practices. The authors provide precise definitions of terminology. Auditor independence could not have been over-emphasized in this chapter. For the exam candidate, most questions on independence are based on judgement. This chapter ensures the reader can grasp the concept and can apply it to exam questions and of course to real life situations. Chapter 3: IT Governance With respect to the IT Governance area, which has been characterized with ambiguity since it's inception, the authors tried to explain the overall concept successfully. The only glitch is that, with CISA being an internationally acclaimed qualification, I had expected more governance examples such as the ITIL (IT Infrastructure Library) to be included for the readers from Europe and other corners of the world relate to somehow. However, I enjoyed the illustrations on the performance measurement section, the scoring and the Capability Maturity Modeling. The authors' explanation for Business Process Engineering and Business Impact Analysis (my favorite area) was excellent. For the purpose of the exam, I believe this section was adequately written. Chapter 4: Networking Technology For the techie, the first few pages may either be boring or a good refresher. However, for the rest of the chapter, the autho

Here's what the authors tell you on the first page: "Our Goal is to take you through the CISA test better than anyone else by showing you the 'how and why' of IS Auditing." That's a tough promise to fulfill, but this book follows-through just as promised. Here's why... 1) Real World Examples - the ISACA CISA manual doesn't have much of these, but you are expected to have IS auditor experience prior to taking the exam and applying for certification. It is very helpful to learn from others and their experiences. 2) Actual Study Aids and Mnemonics - helpful hints, flashcards, and memory tools that really work 3) Exam Essentials - summary of CISA concepts recommended for the exam at the end of each chapter 4) Sample Review Questions and Practice Exams that help set the "tone" for the real test 5) Last, But Not Least: Professional Guidance - It is obvious that the authors have been there, done that. They try to point out the everyday pitfalls and issues that occur in the real world of information systems auditing. This is a great tool for review when you're out in the trenches, meeting with business process owners, communicating with external auditors, and trying to get your customer the most professional results possible. Buy this book and/or check out their classes. In some shape or fashion, work with these authors and you CAN pass the exam!