CISA exam preparation

badrottie Member Posts: 116
I was asked in a PM how I prepared for the CISA. As TechExams is all about sharing, I thought it would be worthwhile to post it in this forum. If anyone has their own advice for how to prepare for the CISA, please add your advice:

Here was my plan, and bear in mind that I didn't prepare very hard, so please take that into consideration.
  1. ISACA tells you what the weighting by Domain on the CISA exam is. Use this as a way to prioritize study time and focus. If you are terrible at Domain 1 (Process of Auditing Information Systems), it is only weighted at 14%. Determine if you are willing to sacrifice this area in terms of nailing a Domain with a higher weighting. This is a judgement call only you can make.
  2. Use the database to identify areas of weakness within the CISA body of knowledge. My weakest area was Information Systems Acquisition, Development and Implementation as it turns out. This was weighted at 19%, so it fell in the middle in terms of importance.
  3. Focus on the weakest areas first. If you are consistently getting 80% on the practice database in that area, and feel comfortable with that Domain, move on to the next weakest area, ultimately keeping in mind the weighting.
  4. Repeat steps 1-3 as often as necessary
  5. Write exam
  6. Go drinking and try to forget about that horrible exam and how it doesn't come close to the CBK or the practice database
  7. Wait for ISACA to perform whatever voodoo magic there is on taking a computer scored scantron sheet and processing it in a timely manner
  8. Repeat step 6 as often as necessary
  9. Get results after 8 weeks. Either start at step 1 again or go drinking in celebration
From my CISA results, I will share the following scaled scores by Domain:

Domain 4: Information Systems Operations, Maintenance and Support: 615 (23% of the CISA)
Domain 5: Protection of Information Assets: 779 (30% of the CISA)

Those two Domains alone cover 53% of the CISA.

I nailed 5, and did reasonably well in 4, but due to their higher weighting, I am better off than I would have been if I nailed Domains 1 & 2 and crashed and burned in 4 & 5. So, really, there is no better advice to give than focus on your weakness first, but always know where to prioritize your time as you may get better results by playing to your strengths if the math supports it. That's what I did.

Cheers!

Comments

  • paul78 Member Posts: 3,016
    Can you provide more details on step #6? Would gin, vodka, or whiskey increase your odds of passing?

    On a more serious note - I suspect not everyone passes the CISA, CISM, CRISC, or CGEIT on their first try. I was trying to find the pass rates and like most organizations, ISACA doesn't release those numbers. But if you compare the number of people that take the exam each year and the increase in the number of certifications year-over-year, I would guess that the pass-rate is between 50%-65%. You can find the rough numbers in the ISACA annual reports on the web site. Maybe someone with better analytical and statistical skills can give it a shot.

    The ISACA exams are difficult so if you are one of those that didn't pass - you are probably not alone. So don't give up and give it another go.

    Also - from the 2 ISACA exams that I've taken so far - CRISC and CISM - I bet that on-the-job experience really does play a role in someone's ability to be successful in the exam. A lot of the material and the questions seemed to test your judgement and decisioning based on scenarios.
  • badrottie Member Posts: 116
    Step 6 will work equally well with your own preferred choice of ethanol. I prefer single-malt scotch, but can also personally vouch for and provide assurance on the effectiveness of gin and vodka as substitutes.

    Anecdotal evidence has the pass rate for the CISA at 50% for people taking it the first time. Unfortunately, ISACA does not release any information regarding that, so it is hearsay/conjecture/WAG at best.

    I agree, Paul. The more real-world experience that a candidate brings into the exam, the better off they are. I have always maintained that an infosec professional with 5+ years of diverse experience should be able to sit and pass these exams with minimal preparation (namely, studying the areas that you have not been exposed to so far in your career). But that is only my opinion.

    For those that did not pass, there is no shame, as it attests to the value of the designation. If it were easy, anyone and everyone would hold it, and what purpose would that serve?
  • DavefromMD Member Posts: 6
    I agree. I had a short time to prepare for CISA. I used the CRM and DB I bought from ISACA, and my security, IS auditing, PM and SDLC experience helped me. When I finished the test, I felt good that I was familiar with most of the questions through work. I read David Cannon's book once, but found it not much help for the CISA exam. It is very important to look at the question from ISACA's point of view, just like PMP from the PMI perspective. For me, PMP was a lot easier than CISA, and within an hour into the PMP exam, I knew I would do very well. CISA covers a broad area, but work experience and the question DB helped me to go to the exam with great confidence. For anyone who wants to pass CISA, stick to the CRM and question DB.

  • SunnySingh97 Registered Users Posts: 1
    I had many years of application development and operations experience as an IT director in the investment banking industry. A couple of years back I moved into a snr role in the Internal Audit group of a major bank. I took CISA in Dec 2012 pretty much without any preparation. I read a thick book from ISACA over two weekends before the exam and tried 50 odd questions from a small booklet they had sent. I passed the exam with a score of 528. The biggest challenge was that after 2 hours I couldn't focus, as I have hardly done such a long one-sitting activity in a long time. I found most of the questions related to my real life experience except information security, where I drew a blank. I can also say that compared to some of the engineering related certifications such as IEEE that I had taken when I was young, this was one of the easier exams that really focused on practical experience. My quick advice: reflect back on your past experience on each question.
  • packetlog Member Posts: 24
    Hello.
    Thank you for sharing your experience and congratulations to all who have passed.

    I have a question on CISA preparation material. I have already bought the following materials:
    - CISA Review Manual 2013
    - CISA Review Questions, Answers & Explanations Manual 2013
    - CISA Review Questions, Answers & Explanations Manual 2013 Supplement

    Now I am wondering if buying CISA Practice Question Database v13 (Software Download) would add any value to me. Is the content of CISA Practice Question Database v13 different than what is already covered in CISA Review Questions, Answers & Explanations Manual? Or is the software download just an electronic version of the Review Questions? Does the electronic database have different or additional questions to paper version?

    Could you kindly clarify?

    Many thanks,
    pkt
  • badrottie Member Posts: 116
    Sihle wrote: »
    Hi Badrottie

    could you please help me out with the Cisa installation code for 2012 software if you have


    Regards

    Hi Sihle,

    If you are having difficulty installing the official ISACA question database software, I would advise you contact ISACA's support department and they will gladly help and provide assistance to you.
    If you are looking for an activation code for the aforementioned software that I paid for with my own money: NO. Doing so is:

    1) Illegal
    2) A direct violation of my professional ethics and commitment to uphold thereof, and could cause me to lose several certifications that keep me gainfully employed
    3) TechExams is not "that" kind of forum, nor has it ever been

    Best of luck in your studies.

    Regards,

    Badrottie
  • badrottie Member Posts: 116
    Hi Packetlog,

    From my understanding, the CISA Practice Question Database is the same questions found on the hard-copy, but please check with ISACA to confirm.

    One advantage it does have is that the software will automatically score your answers for you by domain, and you can also customize the exam engine to focus on an area as well. You can also track your progress over time, as well.

    Best regards.
  • packetlog Member Posts: 24
    Hi badrottie,

    Thanks for your reply. Yes, ISACA confirms they are the same. So just a question of preference and as you have pointed out, electronic version does have some advantages.

    Many thanks,
    pkt
  • paul78 Member Posts: 3,016
    The ISACA exams are paper based so I prefer using the paper review QA as the primary practice source since it more closely simulates the exam.
  • packetlog Member Posts: 24
    Paul, good point. I am also thinking along similar lines. I finished the Manual and the paper version of Questions & Answers. Still have to read the Standards, Guidelines and Tools and Techniques.

    What else should I do now?

    Thanks.
  • Rupeshmohite Registered Users Posts: 1
    Hi Pkt,

    Did you receive the material in .PDF format as I am in a need of 'CISA Review Manual 2013'.
    If you could help me in that.

    Thanks and Regards,
    Rupesh
  • paul78 Member Posts: 3,016
    Hi Rupesh - I don't believe that the ISACA materials are available in PDF form. You may want to check with the ISACA store on the website.
  • John82 Registered Users Posts: 3
    Hello PKT,

    I think your approach of study is good. Would you be able to help me with the CISA Review Questions, Answers & Explanations Manual 2013, if you don't mind.

    Thanks
    John
  • Pcgolfer Member Posts: 16
    I passed with a 590. I studied the ISACA book, the ISACA 2012 database, and one other book by David Cannon. I recommend reading the books, then periodically taking test questions. However, you should spread out the use of the database to avoid memorization.

    THE #1 GUIDE I CAN GIVE YOU, IS THE TAKING OF THE TEST ITSELF. WHEN YOU TAKE THE TEST, YOU WILL INITIALLY BE STUNNED BY THE QUESTIONS - FEELING THAT THEY DIDN'T REPRESENT WHAT YOU STUDIED. I LITERALLY ALMOST WALKED OUT HALF WAY THROUGH. I FINISHED THE EXAM 2 HOURS EARLY, THINKING I COMPLETELY BOMBED IT.

    THE KEY POINT HERE IS TO STAY CALM AND TAKE THE EXAM IN A CALM FASHION. I ALSO REFUSED TO GO BACK AND REVIEW MY ANSWERS AS I'D PROBABLY CHANGE THEM. I SCORED OVER 620 ON THREE PARTS OF THE EXAM. JUST RECOGNIZE THIS GOING INTO THE EXAM, AND YOU SHOULD DO FINE.
  • LarryDaMan Member Posts: 797
    So much depends on experience. I do assessments/audits everyday and in a previous position I internally audited financial systems. Since this certification was purely voluntary (not required for work, paid for it myself) and since I was so busy at work, I was cocky/procrastinated and waited until the last 4-5 days to study.

    Although I had planned to read the CRM, I never cracked a book. Within the last 5 days I purchased the one month CBT Nuggets subscription and watched the CISA videos on 1.7x speed (videos were a bit old but good) and bought the ISACA review question database (great resource) and took several hundred review questions up until 2am the night before the test.

    Felt okay after the exam but wasn't overly confident and then ended up passing in the top 5%.

    My study methods were terrible and not recommended, but the overall point is that experience matters. Be careful emulating someone else's routine because we all have unique strengths/weaknesses/experience.
  • Lili37 Member Posts: 13
    Hi, is there a good online course you would recommend? I failed the June exam and I REALLY need to pass this cert and I think I would benefit from some CBT training. Is it worth paying for the CBTNuggets? What about quickcert and or logicalsecurity.com. I do have the ISACA DB question as well as the book.