SlideShare a Scribd company logo

Professional Designations IT Assurance

Download as PPTX, PDF
A
a3virani

This document provides an overview of the roles and certifications available for assurance professionals working with information systems. It discusses why IS auditing is important given regulations like Sarbanes-Oxley that require verifying system controls. Common certifications include CISA, CISM, and CGEIT from ISACA, which focus on auditing, security management, and IT governance respectively. The CISSP from (ISC)2 demonstrates broad security knowledge, while the GIAC GSNA tests systems and network auditing skills. Obtaining certifications provides credibility, ensures competence, and allows professionals to efficiently add value through activities like risk assessments, security evaluations, and enhancing audit effectiveness.

EducationTechnology
1 of 20
Downloaded 17 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
An overview for assurance professionals Asif Virani ACC626 – Professor M. Datardina July 5, 2012
• Why should I care? • Why an IS professional? • Types of engagements • Certifications: • ISACA • CISA • CISM • CGEIT • (ISC)2 • CISSP • GIAC • GSNA • Concluding thoughts
• With advent of Sarbanes-Oxley, auditors must verify that “controls are in place and working correctly” • Information integrity depends on system integrity: “if the security or integrity of the information system can be compromised, then the information in them can be compromised” • Canadian Auditing Standard 315 • Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment • For smaller companies, information systems are simpler but their role is still significant • Important to understand and evaluate a client’s IT system regardless of its size
• Increased efficiency and effectiveness of audits, identification of system vulnerabilities, input on risk assessment and the control environment, recommendations and advice • Companies need to be aware of risks surrounding information security • Help clients manage their risks and maximize their benefits from using emerging technologies
• Financial statement audits • Internal control design and effectiveness (CSAE3416 reports, etc.) • Internal audit function • Designing and implementing secure systems • EC-Council Secure Programmer (ECSP) • EC-Council Secure Application Designer (ECSAD) • Certified Secure Software Lifecycle Professional (CSSLP) • GIAC Secure Software Programmer (GSSP) • Security assessments and responses, monitoring • Specialized certifications • Ethical hacking, penetration testing, computer hacking forensics, intrusion analysis, web application security
• Information Systems Audit and Control Association (ISACA) • Certified Information Systems Auditor (CISA) • Certified Information Security Manager (CISM) • Certified in the Governance of Enterprise IT (CGEIT) • International Information Systems Security Certification Consortium ((ISC)2) • Certified Information Systems Security Professional (CISSP) • Global Information Assurance Certification (GIAC) • GIAC Systems and Network Auditor (GSNA)
• Governing body for IS audit and control professionals • 4 designations in audit, security and IT governance • Professional Code of Ethics • Continuing Professional Education program • Compliance with ISACA standards (CISA) • Certification exams • Work experience requirement
• “Leverage standards, manage vulnerabilities, ensure compliance, offer solutions, institute controls and deliver value to the enterprise” • Requirements: • CISA exam • Minimum 5 years work experience • Code of Ethics and CPE • IS Auditing Standards as adopted by ISACA
• Job practice areas: • Process of auditing systems • Governance and management of IT • Information systems acquisition, development and implementation • Information system operations, maintenance and support • Protection of information assets • Bottom line: • Professional familiar with and can perform IT audits • Provide assistance understanding IT system, performing risk assessments and controls testing • Enhance the audit function by analyzing and auditing IT aspects, providing greater audit effectiveness and efficiency • Invaluable when preparing special reports (CSAE3416, etc.)
• “Build and manage information security programs… bring a comprehensive view of information security management and its relationship with organizational success” • Requirements: • CISM exam • Minimum 5 years information security work experience, with minimum 3 years in information security management or in 3 or more of the job practice areas • Code of Ethics and CPE
• Job practice areas: • Information security governance • Information risk management and compliance • Information security program development and management • Information security incident management • Bottom line: • Focus on information system security program management, governance, compliance and risk management • Link between upper management and information security function • Help understand and advise on security environment at client organizations
• Ability to “discuss critical issues around governance and strategic alignment… grasps the complex subject holistically and therefore enhances value to the enterprise” • Requirements: • CGEIT exam • Minimum 5 years work experience managing, serving in advisory or oversight role, and/or otherwise supporting IT governance, with minimum 1 year experience related to developing and/or maintenance of IT governance framework • Code of Ethics and CPE
• Job practice areas: • IT governance framework • Strategic alignment • Value delivery • Risk management • Resource management • Performance measurement • Bottom line: • CGEITs “deliver on corporate business goals, more successful IT implementation, secure environment and more agile business processes… greater returns on IT investments” • Provide client value with advice on management of IT assets • Help build and evaluate business cases for IT investments for clients
• Certifying body for a number of information security- related designations • Professionals with (ISC)2 credentials differentiate themselves as knowledgeable in general and specific areas of IT security • Provide value to security functions
• “Develop policies and procedures in information security… define architecture, design, management and/or controls that assure security of business environments” • Requirements: • CISSP exam • Minimum 5 years professional security work experience in at least 2 of 10 domains of the core body of knowledge • Code of Ethics and CPE • Endorsement form signed by active (ISC)2 certified member
• Knowledge domains: • Access control, telecommunications and network security, information security governance and risk management, software development security, cryptography, security architecture and design, operations security, business continuity and disaster recovery planning, legal/regulations/investigations compliance, and physical (environmental) security • Bottom line: • Very good overall view of security and different aspects requiring consideration • Help identify and design security setups and provide overall assessments of the security environment • Assist in gaining an understanding of the business and control environment, identifying control weaknesses and system vulnerabilities, focusing audit work and areas of testing for assurance practitioner
• Technical certification demonstrating competence in systems and network auditing • Focus on processes, assessments and testing • Requirement: • GSNA exam • Testing areas: • Audit methodology, risk management, auditing firewalls, intrusion detection systems, network services, critical systems, networking devices, Unix and Windows systems, and web applications and servers
• GSNAs often engaged to perform specific testing on systems • GIAC does not govern GSNAs or other GIAC-certified professionals • No professional code of ethics • No CPE requirement, but recertification required every 4 years • Bottom line: • Valuable team member who understands objectives of an audit • Increased efficiency and effectiveness of audits through technical testing and auditing of IT systems and networks
• Certification provides credibility, attests to the fact that they take their role and industry seriously, are competent in a strong body of core knowledge, have familiarity of industry topics • In choosing the appropriate professional, requirements should be properly defined and planned • Greater efficiency and effectiveness of work, increased delivery and service opportunities to clients, reduced exposure to more stringent auditing standards • Heightened credibility of firm, rewarding relationships with professionals in other areas of expertise, increased value creation for clients
Questions and comments can be forwarded to Asif Virani School of Accounting and Finance, University of Waterloo Waterloo, ON Canada a3virani@uwaterloo.ca

More Related Content

PDF
CNIT 160 3a Information Risk Management
Sam Bowne
 
PDF
Ch 3a: Risk Management Concepts
Sam Bowne
 
PPT
SLVA - Security monitoring and reporting itweb workshop
SLVA Information Security
 
PDF
CNIT 160: Ch 3a: Risk Management Concepts & Implementing a Program
Sam Bowne
 
PDF
CNIT 160: Ch 2a: Introduction to Information Security Governance
Sam Bowne
 
PDF
CISSP Preparation: Introduction
Sam Bowne
 
PPT
The best way to use ISO 27001
powertech
 
PPTX
Information System Audit and Control
Asad Raza
 
CNIT 160 3a Information Risk Management
Sam Bowne
 
Ch 3a: Risk Management Concepts
Sam Bowne
 
SLVA - Security monitoring and reporting itweb workshop
SLVA Information Security
 
CNIT 160: Ch 3a: Risk Management Concepts & Implementing a Program
Sam Bowne
 
CNIT 160: Ch 2a: Introduction to Information Security Governance
Sam Bowne
 
CISSP Preparation: Introduction
Sam Bowne
 
The best way to use ISO 27001
powertech
 
Information System Audit and Control
Asad Raza
 

What's hot (20)

PPTX
Its time to rethink everything a governance risk compliance primer
EnclaveSecurity
 
PDF
CISA Domain- 1 - InfosecTrain
InfosecTrain
 
PDF
CNIT 160 4b: Security Program Management (Part 2)
Sam Bowne
 
PPTX
Planning for security and security audit process
Divya Tiwari
 
PPTX
What is a cybersecurity assessment 20210813
Kinetic Potential
 
PPTX
CISSP Chapter 1 BCP
Karthikeyan Dhayalan
 
PPTX
Integrated Compliance
Kimberly Simon MBA
 
PDF
CNIT 160: Ch 2b: Security Strategy Development
Sam Bowne
 
PDF
Gain business insight with Continuous Controls Monitoring
Emma Kelly
 
PDF
CISA Domain 4 Information Systems Operation | Infosectrain
InfosecTrain
 
PDF
Security services mind map
David Kennedy
 
PDF
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
InfosecTrain
 
PDF
CNIT 160: Ch 3d: Operational Risk Management
Sam Bowne
 
PDF
RISE's Training Catalog
RISE for Information Technology Services
 
PPTX
Nist 800 53 deep dive 20210813
Kinetic Potential
 
PPTX
CISA Training - Chapter 2 - 2016
Hafiz Sheikh Adnan Ahmed
 
PPT
Sudarsan Jayaraman - Open information security management maturity model
nooralmousa
 
PDF
CNIT 160 Ch 4a: Information Security Programs
Sam Bowne
 
PPTX
Log Monitoring, FIM– PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA
ControlCase
 
PPTX
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Kimberly Simon MBA
 
Its time to rethink everything a governance risk compliance primer
EnclaveSecurity
 
CISA Domain- 1 - InfosecTrain
InfosecTrain
 
CNIT 160 4b: Security Program Management (Part 2)
Sam Bowne
 
Planning for security and security audit process
Divya Tiwari
 
What is a cybersecurity assessment 20210813
Kinetic Potential
 
CISSP Chapter 1 BCP
Karthikeyan Dhayalan
 
Integrated Compliance
Kimberly Simon MBA
 
CNIT 160: Ch 2b: Security Strategy Development
Sam Bowne
 
Gain business insight with Continuous Controls Monitoring
Emma Kelly
 
CISA Domain 4 Information Systems Operation | Infosectrain
InfosecTrain
 
Security services mind map
David Kennedy
 
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
InfosecTrain
 
CNIT 160: Ch 3d: Operational Risk Management
Sam Bowne
 
RISE's Training Catalog
RISE for Information Technology Services
 
Nist 800 53 deep dive 20210813
Kinetic Potential
 
CISA Training - Chapter 2 - 2016
Hafiz Sheikh Adnan Ahmed
 
Sudarsan Jayaraman - Open information security management maturity model
nooralmousa
 
CNIT 160 Ch 4a: Information Security Programs
Sam Bowne
 
Log Monitoring, FIM– PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA
ControlCase
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Kimberly Simon MBA
 
Ad

Viewers also liked (6)

PDF
IT OUTSOURCING ASSURANCE
Arul Nambi
 
PDF
Learningaboutquebec
mahesh_1981
 
PDF
International maritime-organization-maritime-knowledge-centre
Rabah HELAL
 
PPT
Histoire de l'assurance en algérie
Hamid HAMADOUCHE
 
PDF
L'observatoire de l'automobile 2012
BNP Paribas Fortis Belgique
 
PDF
Guide assurance auto en espagne
Inovinsurance Barcelona
 
IT OUTSOURCING ASSURANCE
Arul Nambi
 
Learningaboutquebec
mahesh_1981
 
International maritime-organization-maritime-knowledge-centre
Rabah HELAL
 
Histoire de l'assurance en algérie
Hamid HAMADOUCHE
 
L'observatoire de l'automobile 2012
BNP Paribas Fortis Belgique
 
Guide assurance auto en espagne
Inovinsurance Barcelona
 
Ad

Similar to Professional Designations IT Assurance (20)

PPTX
Professional Designations in IT Governance
jkllee
 
PPTX
Professional designations in it governance
jkllee
 
PPTX
A Career in Cybersecurity
lfh663
 
PPTX
Information Systems Audit-Related Designations
Michael Lin
 
PPTX
5548 isaca for-students
Universitas Bina Darma Palembang
 
PPTX
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
ssuserde23af
 
PDF
Rothke stimulating your career as an information security professional
Ben Rothke
 
PPTX
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
ITpreneurs
 
PDF
Mash f43
SelectedPresentations
 
PPT
Certifications and Career Development for Security Professionals
Dan Houser
 
PPTX
Security and Personnel-Chapter 11 Presentation.pptx
bernaleighsande88
 
PDF
File1
ivanmagalhaes__
 
PPTX
Kuliah Sesi ke-01 Control & Audit [080616].pptx
Reza743349
 
PDF
InfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdf
priyanshamadhwal2
 
PPT
Chap1 2007 Cisa Review Course
Desmond Devendran
 
PPT
Chap1 2007cisareviewcourse-090511232029-phpapp02
Waqas Ahmad
 
PDF
All It Standards Guidelines And Tools
Tarik KUCUK
 
PPT
Isa 2
Darshan Kumar
 
PPTX
Information Assurance for Accountant 2007
Donald E. Hester
 
PDF
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Yoyo Sudaryo
 
Professional Designations in IT Governance
jkllee
 
Professional designations in it governance
jkllee
 
A Career in Cybersecurity
lfh663
 
Information Systems Audit-Related Designations
Michael Lin
 
5548 isaca for-students
Universitas Bina Darma Palembang
 
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
ssuserde23af
 
Rothke stimulating your career as an information security professional
Ben Rothke
 
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
ITpreneurs
 
Mash f43
SelectedPresentations
 
Certifications and Career Development for Security Professionals
Dan Houser
 
Security and Personnel-Chapter 11 Presentation.pptx
bernaleighsande88
 
File1
ivanmagalhaes__
 
Kuliah Sesi ke-01 Control & Audit [080616].pptx
Reza743349
 
InfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdf
priyanshamadhwal2
 
Chap1 2007 Cisa Review Course
Desmond Devendran
 
Chap1 2007cisareviewcourse-090511232029-phpapp02
Waqas Ahmad
 
All It Standards Guidelines And Tools
Tarik KUCUK
 
Isa 2
Darshan Kumar
 
Information Assurance for Accountant 2007
Donald E. Hester
 
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Yoyo Sudaryo
 

Recently uploaded (20)

PPTX
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PDF
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PPTX
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
PPTX
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Institutional Correction lecture only . . .
limvtheghins
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 

Professional Designations IT Assurance

  • 1. An overview for assurance professionals Asif Virani ACC626 – Professor M. Datardina July 5, 2012
  • 2. Why should I care? • Why an IS professional? • Types of engagements • Certifications: • ISACA • CISA • CISM • CGEIT • (ISC)2 • CISSP • GIAC • GSNA • Concluding thoughts
  • 3. • With advent of Sarbanes-Oxley, auditors must verify that “controls are in place and working correctly” • Information integrity depends on system integrity: “if the security or integrity of the information system can be compromised, then the information in them can be compromised” • Canadian Auditing Standard 315 • Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment • For smaller companies, information systems are simpler but their role is still significant • Important to understand and evaluate a client’s IT system regardless of its size
  • 4. • Increased efficiency and effectiveness of audits, identification of system vulnerabilities, input on risk assessment and the control environment, recommendations and advice • Companies need to be aware of risks surrounding information security • Help clients manage their risks and maximize their benefits from using emerging technologies
  • 5. • Financial statement audits • Internal control design and effectiveness (CSAE3416 reports, etc.) • Internal audit function • Designing and implementing secure systems • EC-Council Secure Programmer (ECSP) • EC-Council Secure Application Designer (ECSAD) • Certified Secure Software Lifecycle Professional (CSSLP) • GIAC Secure Software Programmer (GSSP) • Security assessments and responses, monitoring • Specialized certifications • Ethical hacking, penetration testing, computer hacking forensics, intrusion analysis, web application security
  • 6. • Information Systems Audit and Control Association (ISACA) • Certified Information Systems Auditor (CISA) • Certified Information Security Manager (CISM) • Certified in the Governance of Enterprise IT (CGEIT) • International Information Systems Security Certification Consortium ((ISC)2) • Certified Information Systems Security Professional (CISSP) • Global Information Assurance Certification (GIAC) • GIAC Systems and Network Auditor (GSNA)
  • 7. Governing body for IS audit and control professionals • 4 designations in audit, security and IT governance • Professional Code of Ethics • Continuing Professional Education program • Compliance with ISACA standards (CISA) • Certification exams • Work experience requirement
  • 8. • “Leverage standards, manage vulnerabilities, ensure compliance, offer solutions, institute controls and deliver value to the enterprise” • Requirements: • CISA exam • Minimum 5 years work experience • Code of Ethics and CPE • IS Auditing Standards as adopted by ISACA
  • 9. • Job practice areas: • Process of auditing systems • Governance and management of IT • Information systems acquisition, development and implementation • Information system operations, maintenance and support • Protection of information assets • Bottom line: • Professional familiar with and can perform IT audits • Provide assistance understanding IT system, performing risk assessments and controls testing • Enhance the audit function by analyzing and auditing IT aspects, providing greater audit effectiveness and efficiency • Invaluable when preparing special reports (CSAE3416, etc.)
  • 10. • “Build and manage information security programs… bring a comprehensive view of information security management and its relationship with organizational success” • Requirements: • CISM exam • Minimum 5 years information security work experience, with minimum 3 years in information security management or in 3 or more of the job practice areas • Code of Ethics and CPE
  • 11. • Job practice areas: • Information security governance • Information risk management and compliance • Information security program development and management • Information security incident management • Bottom line: • Focus on information system security program management, governance, compliance and risk management • Link between upper management and information security function • Help understand and advise on security environment at client organizations
  • 12. • Ability to “discuss critical issues around governance and strategic alignment… grasps the complex subject holistically and therefore enhances value to the enterprise” • Requirements: • CGEIT exam • Minimum 5 years work experience managing, serving in advisory or oversight role, and/or otherwise supporting IT governance, with minimum 1 year experience related to developing and/or maintenance of IT governance framework • Code of Ethics and CPE
  • 13. • Job practice areas: • IT governance framework • Strategic alignment • Value delivery • Risk management • Resource management • Performance measurement • Bottom line: • CGEITs “deliver on corporate business goals, more successful IT implementation, secure environment and more agile business processes… greater returns on IT investments” • Provide client value with advice on management of IT assets • Help build and evaluate business cases for IT investments for clients
  • 14. • Certifying body for a number of information security- related designations • Professionals with (ISC)2 credentials differentiate themselves as knowledgeable in general and specific areas of IT security • Provide value to security functions
  • 15. • “Develop policies and procedures in information security… define architecture, design, management and/or controls that assure security of business environments” • Requirements: • CISSP exam • Minimum 5 years professional security work experience in at least 2 of 10 domains of the core body of knowledge • Code of Ethics and CPE • Endorsement form signed by active (ISC)2 certified member
  • 16. • Knowledge domains: • Access control, telecommunications and network security, information security governance and risk management, software development security, cryptography, security architecture and design, operations security, business continuity and disaster recovery planning, legal/regulations/investigations compliance, and physical (environmental) security • Bottom line: • Very good overall view of security and different aspects requiring consideration • Help identify and design security setups and provide overall assessments of the security environment • Assist in gaining an understanding of the business and control environment, identifying control weaknesses and system vulnerabilities, focusing audit work and areas of testing for assurance practitioner
  • 17. • Technical certification demonstrating competence in systems and network auditing • Focus on processes, assessments and testing • Requirement: • GSNA exam • Testing areas: • Audit methodology, risk management, auditing firewalls, intrusion detection systems, network services, critical systems, networking devices, Unix and Windows systems, and web applications and servers
  • 18. • GSNAs often engaged to perform specific testing on systems • GIAC does not govern GSNAs or other GIAC-certified professionals • No professional code of ethics • No CPE requirement, but recertification required every 4 years • Bottom line: • Valuable team member who understands objectives of an audit • Increased efficiency and effectiveness of audits through technical testing and auditing of IT systems and networks
  • 19. • Certification provides credibility, attests to the fact that they take their role and industry seriously, are competent in a strong body of core knowledge, have familiarity of industry topics • In choosing the appropriate professional, requirements should be properly defined and planned • Greater efficiency and effectiveness of work, increased delivery and service opportunities to clients, reduced exposure to more stringent auditing standards • Heightened credibility of firm, rewarding relationships with professionals in other areas of expertise, increased value creation for clients
  • 20. Questions and comments can be forwarded to Asif Virani School of Accounting and Finance, University of Waterloo Waterloo, ON Canada a3virani@uwaterloo.ca