Passed CISA as Grad with no experience

1Sep1969

Background: I graduated with an IS degree and have only done one year of IT-related internships.

I took the exam yesterday and passed it on my first attempt. I spent a few months reading the manual many times and researched topics I wasn't familiar with. I then did all the database questions in one shot (each domain separately) with a 75% average. Once I became familiar with the ISACA mindset and logic, I was able to boost it up to 90s and late 80s in no time. I struggled mostly with the networking concepts, which were barely covered on the exam!

This was the most intense exam I've ever done, but it felt more straightforward and easier than the database questions. Half way through, I felt that I had a good chance of passing it. Initially, I pretty stressed out, so when I first started doing the questions, I felt out of place, especially since they were different than the database ones. After a while, the ISACA thinking came back to me and I saw the questions/answers more clearly.

I flagged about 30-35 questions, but I actually felt pretty confident for the most part, strangely enough. I finished everything in three hours and then just reviewed the flagged questions (2-3 changes). My heart was pounding hard the last 10 minutes, not because I thought I would fail, but because I was just so close to switching my mind to "passed CISA" mode and was still kinda worried that maybe... I might fail. With ISACA exams, I guess you never really know.

I was told many times that this exam requires "work experience" to pass it. Well, you know what? I did not feel like I needed work experience to properly answer the questions. Maybe that's just me. I've always been an A student and aced exams, so who knows. So I guess my experience would apply to graduates who have time to study hard and be prepared. However, I can say with confidence that having a good understanding of the CRM concepts and acing the database questions are more than enough to pass the exam.

Yes, I know I won't get certificated. That wasn't my goal. My aim is to launch my career in IT auditing and having passed the CISA exam, I hope that will give it a boost! But the job search is the most challenging part.

I'm very curious to see what kind of score I managed to get. I have a feeling that I did well and did not just barely pass. Can't know for sure.

Find more posts tagged with

Comments

G_examMeantToBeTakenOnce

Congratulations! I also took it on 28th in HK and passed at the third year of my uni majoring at IS. I personally feel the exam was much clear for me to figure out one lighting answer and not may questions looking fuzzy. If I did everybody else can do it! Good luck for future aspirants!!

DAVIS NGUYEN

Congrats!

gkhizer

Congrats bro, I have read all your threads since I'm in a similar position. I have a degree in MIS like your self and everything I learned for theoretical and not technical. Which is why I'm looking at careers in business analysis or similar. I have a CCNA but these technical jobs are given to college graduates who are technical more sound than a university grad.

Along with me MIS degree and CCNA I also have a business management diploma and 1 year of server experience. Can you please guide me as to if the CISA cert is worth going for at this stage of my career. I also want to hit the big 4 consulting firms.

Thank

1Sep1969

gkhizer wrote: »

Congrats bro, I have read all your threads since I'm in a similar position. I have a degree in MIS like your self and everything I learned for theoretical and not technical. Which is why I'm looking at careers in business analysis or similar. I have a CCNA but these technical jobs are given to college graduates who are technical more sound than a university grad.

Along with me MIS degree and CCNA I also have a business management diploma and 1 year of server experience. Can you please guide me as to if the CISA cert is worth going for at this stage of my career. I also want to hit the big 4 consulting firms.

Thank

When it comes to CISA, you will get different advice. I'm not familiar with CCNA, but having an MIS degree and business management diploma is good. Many professionals I've spoken with tell me that passing the CISA exam will help me stand out from other candidates. You can start working in an industry, or start off at an audit firm, which is recommended, since you will learn a lot more.

Personally, I have my own reasons why I want to get into IT auditing. It's not the pay or the amount of jobs available. I believe in theory, it would be the best fit as a career. So find your own justification and try to pass the exam. Perhaps join and volunteer at your local ISACA chapter, but yeah, finding a job is hard. I've been on vacation, but I will soon start the job hunt again.

Let me know if you have any other questions.

scasc

Having worked in 3 of the big 4 consultancies (sadly

) I can vouch for the fact that having the CISA is an excellent way of getting in, applying what you learnt (big 4 give great exposure) and building your career in this space. Dont forget, that the CISA teaches not only IT auditing but really understanding business processes, project management etc so these are transferable skills to climb up the career ladder.

And senior manager and above (which I was) get a pretty good salary - and if you get to partner - the sky is the limit trust me.

1Sep1969

scasc wrote: »

Having worked in 3 of the big 4 consultancies (sadly ) I can vouch for the fact that having the CISA is an excellent way of getting in

I shouldn't replied earlier... but did you mean having passed the CISA exam or being an actual CISA?

scasc

1Sep1969 wrote: »

I shouldn't replied earlier... but did you mean having passed the CISA exam or being an actual CISA?

Either.... if you have passed the exam and don't have the experience yet that's totally OK, it shows your commitment to the field and career focus. All you do is go to the top 10 accounting firms and check out their IT audit vacancies/or approach them on LinkedIn. They will value the fact that you have the grounding and they don't need to put you through it. Once you go through a few end to end audits, things will fall in place (e.g. Where to find compensating controls, what's exactly a vulnerable control etc).

Best of luck.

1Sep1969

Thanks, scasc! I also wanted to ask you a question regarding the starting salary. What salary range should I give them during an interview? I have a degree in MIS and one year of internship. Does 45K-55K sound reasonable? Or should I tell them whatever the firm is offering as a starting salary? I'm from Canada, so the salary might be different if you're from the states.

Do you have any other advice about the interview process for an IT auditing position at a big 4. I've never mastered interviews and never will because I just hate them. Definitely not good at BSing, not my thing.

scasc

No worries at all. Was the internship you had audit related? If so you can use that as leverage for a higher salary though normally speaking when you start off you don't have much leverage to negotiate - I'm from London, UK and that's the way it is here. However no harm in asking for higher if they ask and say because you have the CISA and understand the end to end process in comparison to someone coming in quite fresh. Saying that what you could even do is go for an associate position not analyst and prove your audit knowledge in the interview - that would get you the higher salary.

Regarding interview process / will be competency based when you had to show communication/leadership/decision making/multi tasking skills as these are the qualities required to do an audit. Technically nothing major - usual stuff around access control, encryption or data protection at rest/transit, admin account protection etc etc.

Big things to audit these days revolve around security, cloud, mobile along with traditional elements. Standards such as ISO, SOX, NIST, HIPAA, GLB, GDPR nice to mention showing you understand the way industries are moving.

First thing to do is clean up CV and mention CISA, MIS great degree and relevant? put in key words around policy, standards, compliance, cyber etc and target roles at analyst level or better still associate by justifying your CISA.

That should help you get foot in door. Remember it's working towards being a partner that is where real bucks come. Honestly 99% roles money wise won't compete if you make it to this level and that too become senior partner one day. Naturally hours, lifestyle won't be suitable that's why I left and went into investment banking becoming deputy head in technical cyber assurance.

Best of luck keep me posted.