Importance of DISA (Diploma in Information System Audit) for a practicing Chartered Accountant

Hemang Doshi

First let us understand about diploma in ISA and its eligibility criteria.

In today’s era most of the business functions are digitalized and technology driven. Technology plays a vital role in most of the business processes. There is no doubt that Chartered Accountants with ISA qualification will play a major role in Information Systems Audit (ISA) in the coming years. It also seeks to leverage technology to enhance the professional skills of its members. This course prepares members to offer value added services of Information Systems Audit, which are in increasing demand.

Diploma in Information System Audit is offered by ICAI with the objective to enhance professional skills of its members in the area of IT dynamics. This course prepares members to offer services in the area of information security & business continuity which are relatively new avenues as compared to traditional practice.

Course Curriculum for the ISA course

The course curriculum for the ISA course is divided into eight modules as under:

• Primer on Information Technology IS Infrastructure & Emerging Technologies

• Information Systems Assurance Services

• Governance & Management of Enterprise Information Technology, Risk Management and Compliance Reviews

• Protection of Information Systems Infrastructure and Information Assets

• Systems Development: Acquisition, Maintenance and Implementation

• Business Applications Software Audit

• Business Continuity Management

• Professional Opportunities in Information Technology

Why DISA (Diploma in Information System Audit)?

(1) Being a Auditor, DISA qualification will be must down the line may be 2 to 3 years. Reason is simple, most of the organisations will be system driven where all the processing and controls will be integrated through computers. There will be minimum manual intervention. In such scenario, our traditional audit approach will not work. In system driven scenario, auditor need to know about system integration/system processing /data security/encryption techniques/ network security/system availability and backup processing. As a DISA holder you will have a edge over traditional auditors. I recommend you to consider CISA also once you complete DISA.

(2) RBI, SEBI and IRDAI has already mandated annual system audits of all banks, broking house and insurance companies. This is in addition to statutory/internal audits. DISA has been recognized as one of the qualification for system auditors. Huge scope awaits for DISA qualified professional.

(3) For Internal Audits, audit firms with DISA qualified partners are preferred by the organisations.

(4) In employment also, DISA qualified members are in huge demand.

(5) DISA qualification opens up avenues in the field of information security, business continuity, and IT risk management and other related field.

(6) Stringent data privacy laws like GDPR and draft version of data protection bill (India) already have created stiff demand for DISA/CISA qualified professionals.

(7) In many government audits, Information Systems Audit (ISA) by ICAI or Certified Information Systems Auditor (CISA) by ISACA is made mandatory for applying for appointment. Thus, if none of the partners or sole proprietor of the firm has these certifications, they are not eligible to apply.

(8) Practically, almost all good companies are working in IT environment. This certification helps the auditor to perform test of IT controls which is especially relevant these days as auditors have to report on internal financial controls over financial reporting.

(9) After these certifications, a CA can become faculty of ITT/Advanced ITT or ISA courses of ICAI thus providing other sources of income.

(10) It opens up opportunities to provide IT risk advisory and other IT related advisory to clients.

(11) With changing paradigms, knowledge and experience in technology are not merely desirable, but basic requirements for growth and even survival in the evolving global village.

How to prepare for DISA certification?

To be honest, it’s not an easy task. But if you follow below pattern for preparation, I am sure your certification is not far away.

Resource Requirement for DISA Exam Preperation:

(1) As of now, DISA exam pattern is aligned with its global peer CISA (Certified Information System Auditor). It is highly recommend to refer www.cisaexamstudy.com and attempt all MCQs available therein.

(2) ICAI modules contain lot of information. But they seems to be too lengthy and dry. For professionals, with limited technical knowledge, it is advisable to grab a copy of DISA Exam-Study Guide published by Notionpress.

(3) Get one thing absolutely clear. No other study material is required. That will unnecessary create confusion.

(4) Please start preparation atleast before 4 months of examination.

(5) Now, this is very very important. Please attempt 40 questions daily. Total time required is less than half an hour per day. No excuses even on weekends/holidays. I am not recommending any more study. 40 questions daily is the only requirement that will help us to get certification.

(6) If you follow 40-40 rule, within a month, you will able to attempt more than 1000 questions. Please note when you attempt a question, please pay more attention on explanation part i.e why a particular answer is correct and why other three are not. Also note that for many questions testing concept will be repetitive in nature. So more question you attempt, more confidence you get.

(7) Practising 40 questions daily will help you to understand:

(i)Pattern of Questions

(ii)What is the testing concept behind any question.

(iii)Easily able to identify distracters.

(iv)Easily able to co-relate correct answer with question.

(v)Help to manage time element.

Please do write to me in case of any query/concerns/suggestions at career@infosec-career.com