Tips for CISA studies and questions answered

Posted on October 10, 2015

I have recently received a few mails and had a few discussions around tips for the CISA exams (thanks MacVite Chadza, Sunil Nangare and others). During the CISA sessions we held earlier in the year there were a number that covered this, with session 14 explicitly doing so. Go and take a look at this post : Session 14  I would suggest you download the slides from the link and then also watch the YouTube video where we discuss the slides. Finally, download and read Shirish Deshpande & Rafeq’s excellent Tips guide :  tipsforcisaexam

In addition to all of that, a few final comments.

Firstly, try to start preparing at least 3 months ahead of the exam to give yourself sufficient time for each section. I would suggest spending two weeks on each Chapter, and then an extra week or two on those on which you are struggling. Set yourself a specific timetable to ensure you spend the requisite time studying. Take a look at the schedule we included in each week’s slides as an example. Feel free to update your schedule as required, but keep to the general plan. Keeping the discipline when studying alone can be very difficult so try to find one or two (or more) people in your area who are doing the exam and set up a study group. Getting together on a regular basis to discuss progress and issues is a good way of forcing yourself to keep on track.

Try and do all of the questions available. Personally I prefer the on-line questions database. It is configurable to give you what you need at the time you need it, whether you have half an hour here or there, or want to do your questions in an hour or two-hour stretches.  If you are using the Q&A books, try to get all of them, with the supplemental questions. See some further thoughts on this in my answers to the questions below.

A mail I received from Sunil Nangare from India asked some more specific questions which I list below with my suggestestions. Thanks for the feedback and questions Sunil, I hope this helps.

Q1. For Domain 2 , on the segregation of duties matrix,any tips/ short-cuts to remember the matrix .
Further , whether it is important to remember all the roles to identify the SOD or incompatible

I don’t have a specific trick to learning this table of duties. Personally I struggle to learn things off by heart, I need to understand the concepts and principles in order to be able to remember. For matrices like these, try to understand the job functions that each of these roles should be performing. Understand the principles of which functions should not be done with other functions and why. This can then assist in answering questions on which functions can and can’t be performed together. In practice we also see that many organisations struggle with staff shortages and it necessitates that people double up (or more) on the job functions being performed. Many times this results in incompatible functions being performed. Try and stick to the theory in answering questions on this area rather than base your answers on what you are seeing in practice. Also try to think about what compensating controls could be put in place to allow people to perform what otherwise may be considered conflicting roles.

You will not have to reproduce a table like this, but would most likely get one or two questions on this, either directly or through a case study type questions. So you don’t have to know all the roles in order to be able to list them but could be asked about any of them.


Q2. In addition, whether its is a good idea to solve all the questions in the online database after
revision of each chapter or we need to space it out in a sample of 50 questions. Further, what is a
good score from the online database which will give a comfort on the preparedness.

I would do this on a sample basis. Read each chapter, do the revision questions in the Review Manual, do some of the questions from the database, make sure that you read all of the answer explanations regardless of whether you got the answers right or wrong, identify areas where your knowledge is lacking and then revise those in a bit more detail. The online database keeps track of the questions you get wrong so can be used to come back to those.

Q3. If the sample method is to be followed. How do we revise and work upon the questions which have been incorrectly answered.

As above, read all of the explanations for all of the questions, regardless of whether you got them right or wrong. Revise from the Review Manual on those areas where you had a number of incorrect answers. I used the database to first give me “new questions” that I had not previously answered. I would do a few batches of these. Then I would set it to only give me questions I had answered incorrectly the previous time, and work my way through answering these questions again, and hopefully getting them right the second time. If I still got a few wrong I would flag those for extra attention. In doing this, by the time I got to the exam, I had answered every question in the database at least once, and the last time I had answered the question I had answered it correctly.

A number of people suggest using a lot of supplementary material to the Review Manual. I would agree with this, however, only after you have been through the manual at least twice, in detail, and answered all of the review questions. I would suggest extra material (than what is in the review manual) where you are struggling to understand concepts. Areas I have seen people struggle include things like cryptography, networking and firewalls, sampling techniques amongst others.

If you go through the on-line videos I posted on YouTube, or download the PDF’s of the slides, you will see that in some cases there are links to supplementary videos and extra material to download. I would suggest you watch these and download the material. The ISACA CISA glossary of terms is an extremely useful document. Download it and use it throughout your studies. Even print a copy that you can then highlight as you come across each term and flag those you may be struggling with. By the time you have finished your studies you should have used / understood all of the terms.

Should you have any further questions or comments, please feel free to mail me, or to use the comments section below.  Good luck with the studies.

Tags: , ,

Categories: CISA, ISACA

3 Responses

  1. Andrew Falcon:

    Hello Justin, I have been watching your 2015 YouTube videos on CISA preparation. I noticed all the videos on YouTube except for the Introduction (Session 1) and Session 13. Did you upload these sessions and is there a way of getting them?

    Andrew Falcon

    15.09.2016 19:00 Reply

    • Justin:

      Hi Andrew

      There was not much of value in terms of learning from session one. It was more planning and house keeping so it wasn’t broadcast. All of the sessions which were recorded were done as live streams and recorded directly from those streams, so those available are all that there are.

      Hope you are finding them useful.


      16.09.2016 18:06 Reply

  2. Justin:

    I didn’t directly answer the part about what is a good score in the practice questions. I would aim for around 80% to be reasonably secure. But also as stated above, make sure you have correctly answered every question by the time you get to the exam. The exam wont have many (any?) questions lifted directly from the question database but they will be similar in style and content so as long as you understand the principles being tested you should do just fine.

    17.10.2015 20:56 Reply

Leave a Reply

%d bloggers like this: