Certified Information Systems Auditor(CISA) certification is initiated by ISACA (Information Systems Audit and Control Association). Which is a symbol of achievements in the field of information systems audit, control, and security. CISA certification applies to enterprise information system managers, IT managers, IT auditors, information consultants, information security vendors, service providers, and other people interested in information system auditing.
Application of CISA in Telecommunications Companies and Banks
Some industries, such as telecommunications companies and banks, face hundreds of millions of users and need to process massive amounts of data every day, and companies themselves rely heavily on computer systems. The generation of such corporate financial data is based on computer systems in many ways. For example, most of the revenue of telecommunications companies is calculated through the billing system. Under such circumstances, auditors often need to audit computer-based information systems to assess information systems’ security, stability, and effectiveness. This is IT auditing. At the same time, the auditor may also use some computer technology to test some transactions. And that is computer-aided auditing.
Application of CISA in Accounting Firm
In an accounting firm, a professional team whose main task is IT audits or computer-aided audits is traditionally called IT auditors. Their scientific name is Registered Information System Auditor. CISA (certified information system auditor) is the professional qualification of IT auditors. This means that auditors need to take the qualification of certified public accountants. Taking the auditing process of a telecommunications company as an example, the main tasks of an IT auditor are as follows.
Main Tasks of an IT auditor
1.To test whether the information system of this telecommunications company is safe and reliable. For example, whether the development and upgrade of the inventory system are managed; whether employees have their own independent account when logging in to the inventory system using a computer; whether the password is updated regularly; or the log generated by the computer background operation is regularly reviewed; etc. This type of test is the IT General Control (ITGC).
2.To test whether the system handles the specific business processes correctly. For example, the system collects bills and automatically calculates revenue. Not only income, but the process of generating certain data is more dependent on the information system. This data has a greater impact on the financial statements, the auditor should consider testing the data generation process and results. This is IT Application Control (ITAC).
3.Using computer-aided means to re-validate data. For example, the depreciation charges for this year for all fixed assets are calculated one by one. And summed up to compare with the depreciation charges on the book. In the case of a large number of fixed assets or rapid changes in growth or reduction, the traditional rationality test method is hard to achieve good results. Someone who has worked in an accounting firm for one to two years and is interested in IT may consider becoming an IT auditor. As you can imagine, IT auditors will be more and more useful in the information age.