UMUC

[msyc]

Hi,

I am a current student in UMUC’s M.S. in Accounting and Information Technology with a background in information systems design and analysis. In 2005 I decided to combine my professional experience in the information technology field with a degree in accounting to better leverage the SOX (Sarbanes-Oxley) job opportunities and move into the public accounting profession.

To further build my professional credentials, I became CISA (Certified Information Systems Auditor) in order to better review my clients’ information system controls. The reviews I perform for my clients have the following objectives:

• To identify weaknesses
• Design control testing procedures to investigate weaknesses
• Provide recommendations to my clients in order to further enhance the control structure of the IT environment (specifically as it relates to the financial reporting system).

Additional responsibilities I have are to perform forensic accounting techniques in some of the fraud cases our firm is contracted to investigate. I electronically extract financial data from client systems and analyze the data for things such as duplicate checks, phantom vendors, and various other fraud related tests.

In order to stay current on the application of my CISA, I am an active participant of the Connecticut ISACA chapter. Currently, I am the membership director of this organization; I have found this a great way to network with others in the field. I am also a member of the HTCIA (High Technology Crime Investigation Association) and the CFE (Certified Fraud Examiners).

For those interested in the Information Technology field, I encourage you to pursue the CISA certification. The skills of a CISA / CISM are in high demand, and the opportunities for these individuals are excellent (at least from my personal perspective). While many organizations do not require it as a mandatory certificate, many organizations rely heavily on it. Although there is an exam component to the CISA / CISM, the process also requires a candidate to have 5 years of experience in the field prior to certifying. For more information, please check out this link: www.isaca.org. From my personal experience, individuals who hold this certification may have the following job titles:

• Director of Information Security
• Security Consulting Engineer
• Information Security Specialist
• Sox Information Technology Leader
• Risk & Compliance Manager
• Forensic Computer Examiner

As I am guest in this forum for the next two weeks, I invite you to ask me questions regarding obstacles in the profession, trends in the profession, rewarding experiences in the profession, more particulars regarding tips for passing the CISA examination, or any pertinent item you wish to discuss.

Looking forward to your input,
Michelle

[ACCTMBA]

Thanks Michelle for your intro.

Do you think having a finance background would help you? I am currently doing the MSAF and was thinking of doing the IT part as a certificate so that I would be more marketable as a liason between the CIO, CFO and CEO offices.

Thanks again for your help.

Don

[msyc]

Hi Don,
Thanks for your post.

Yes, I do believe that a finance background and an IT background would be a great combination. Gone are the days when the CEO is sitting at his own desk drawing up strategic plans. The CEO, CFO, and CIO (as well as a few other “C’s) must all be able to work together and understand each other’s “lingo” in order to truly come up with a strategic plan that is effective for the company as a whole. We can’t deny that IT plays a major role either in supporting or helping to drive the strategic business plan of the company.

Drilling down into the more day –to-day functioning of finance and IT, I think having the certificate will truly help you understand how the financial information is aggregated as it flows through an information system. Data theft / Identity theft / fraudulent activity occurs within financial data because the lack of security controls around the systems holding the data. Having an individual with a deep knowledge of finance who can also understand the role IT plays in aggregating and securing financial data as it flows throughout a company sounds like it would make for a unique and marketable background.

I don’t have a solid grasp on the finance profession, but that’s at least my two cents worth from the accounting / IT side of things.

Michelle

[cpanexgen]

Hi Michelle!

I love your enthusiam. Sounds like you love your work. How long did it take to prep for your certification and how hard was the exam? Also, do you attend ISACA functions. They seem pretty organized. Are they helpful? Do you have to get continuing ed for your cert?

Wow, sorry, that was a flood of questions.

Katie

[msyc]

Hi Katie,

Thanks for the questions! Yes you are correct: I tend to believe I’m within a small group of individuals that actually likes what they do at work on a daily basis, so I think I’m blessed!

It took me about 5 months to study for the exam. The ISACA (Information System Audit and Control Association) Connecticut chapter has a review course they run for about 8 weeks that covers all the major topics on the exam. I took that course and then did an additional 3 more months of studying via CD tutorials that I ordered from the ISACA book store. I think what really helped me on the exam, was the years of experience in the field. The studying was a great review tool, but some of the questions on the exam I knew more from experience. The exam was not exceptionally hard, but there is no way I would have passed without the studying. What I found to be the most challenging part of the exam was that there were always two answers that could be correct (in my opinion). In a multiple choice format, you’ve got four choices and I was able to easily eliminate two answers. Of the remaining two answers: one answer was the textbook / theoretical answer and the second answer was the way I’ve seen things set up in the corporate world. That was a bit of a challenge!

I always attend ISACA functions. I’m actually the membership director of the CT chapter, so I’m required to be at a certain amount of functions per year. Even if I wasn’t obligated, I would still show. Our chapter schedules 1 training session per month on different topics of interest (for example: wireless network controls, analyzing data for fraud, hidden secrets of the IT auditor). More than anything, it’s a great way to learn what your peers are encountering and how they handle things. I’ve learned a lot from them.

The certification does require continuing education credits. A certified individual must earn a minimum of 20 hours annually and 120 hours every three years. You can find out more about continuing education here, if interested: http://www.isaca.org/Template.cfm?Section=Certification&Template=/ContentManagement/ContentDisplay.cfm&ContentID=19934.

I hope that answered everything. Thanks for your interest,
Michelle