CISA (Certified Information Systems Auditor) certification is initiated by ISACA (Information Systems Audit and Control Association), which is a symbol of achievements in the field of information systems audit, control and security. CISA certification is applicable to enterprise information system managers, IT managers, IT auditors, information consultants, information security vendors, service providers, and other people interested in information system auditing.
Application of CISA in Telecommunications Companies and Banks
In some industries, such as telecommunications companies and banks, facing hundreds of millions of users and need to process massive amounts of data every day, and companies themselves rely heavily on computer systems. The generation of such corporate financial data is based on computer systems in many ways. For example, most of the revenue of telecommunications companies is calculated through the billing system. Under such circumstances, auditors often need to audit computer-based information systems to assess the security, stability, and effectiveness of information systems. This is generally referred to as IT auditing. At the same time, the auditor may also use some computer technology to test some transactions, which is generally called computer-aided auditing.
Application of CISA in Accounting Firm
In an accounting firm, a professional team whose main task is IT audits or computer-aided audits, which are traditionally called IT auditors and whose scientific name is Registered Information System Auditor. The professional qualification of IT auditors is called CISA (certified information system auditor), which means that auditors need to take the qualification of certified public accountants. Taking auditing process of a telecommunications company as an example, the main tasks of an IT auditor are as followings.
Main Tasks of an IT auditor (telecommunications company)
1.To test whether the information system of this telecommunications company is safe and reliable. For example, whether the development and upgrade of the inventory system is managed; whether employees have their own independent account when logging in to the inventory system using a computer, whether the password is updated regularly; whether the log generated by the computer background operation is regularly reviewed; etc. This type of test is called the IT General Control (ITGC).
2.To test whether the system handles the specific business processes correctly. For example, the system collects bills and automatically calculates revenue. Not only income, but the process of generating certain data is more dependent on the information system, and this data has a greater impact on the financial statements, the auditor should consider testing the data generation process and results. This type of testing is called IT Application Control (ITAC).
3.Using computer-aided means to re-validate data. For example, the depreciation charges for this year for all fixed assets are calculated one by one and summed up to compare with the depreciation charges on the book. In the case of a large number of fixed assets or rapid changes in growth or reduction, the traditional rationality test method is hardly to achieve good results. Someone who has worked in an accounting firm for one to two years and is interested in IT may consider becoming an IT auditor. As you can imagine, IT auditors will be more and more useful in the information age.