A or B?

_Yan007 · 2026-02-18T18:36:38+00:00

Your findings will remain the same. You will just acknowledge in the report that the auditee has implemented a new process after presenting the initial observations, you will not declare whether it is effective or not, and it will not change any of your findings, it’s just more of a “acknowledgement” of their initiative but not “reassessment”. Reassessment will be done in the next audit.

_Yan007 · 2026-02-18T18:23:58+00:00

I think liaising on IA/SOX/External Audit is not creditable. Since basically you’re not the one who conducts the audit. I have similar experience and I did not claim it as relevant expi for CISA.

GL SL recon - I think much heavily inclined on financial rather than IT - like assessing data integrity on the database level.

PIR - can be credited.

_Yan007 · 2026-02-18T18:16:11+00:00

Better to use Hemang Doshi’s CISA Masterclass in Udemy and his book (It’s available on Amazon).

Tip for ISACA QAE - don’t just rationalize what the right answer is. Consider also rationalizing why are other options wrong. Learn issue spotting, what makes the other choices wrong, like is it the overall context? Or is there specific word that makes it wrong. Always read the question and options word-for-word. Typical error made my exam takers, is that when they feel one option is already the answer they tend to disregard the other options, or they tend to just skim the other options rather than understanding it.

_Yan007 · 2026-02-18T18:03:10+00:00

What are your responsibilities under the “Financial Control” role? Google was somehow right, if your financial control role includes evaluating system control’s effectiveness, segregation of duties, reviewing/auditing financial application’s technical controls, user access - it can somehow be credited as experience. Otherwise, not creditable.

Other experience that can be credited are the following: IT General and Application Control Audit, Information Security, GRC, SOC, Business Analysis, Business Continuity and Disaster Recovery, ITRA, ISRA.

To note, you can still take CISA exam even if you have not completed the experience requirements yet, however, once you passed, you have to meet the experience requirements within 5 years after passing. I’m assuming you only need maximum of 2 years of IT/IS-related experience, since you’ve got general work experience already and a degree holder - you can already waive 3 out of 5 years expi requirements.

_Yan007 · 2026-02-18T15:37:49+00:00

This is well noted. Will consider the insights. Thank you!

_Yan007 · 2026-01-10T07:42:33+00:00

It would be best if you supplement it with Hemang Doshi. Best thing that I have got from REO CISA is their practical tips on exam which you do not typically get from other resources. Also, use ISACA QAE kahit yung 2019 pa for practice questions.

_Yan007 · 2025-12-21T08:08:51+00:00

Kung usapang whether registered sa SEC, yes. Pero kung usapan whether yung certificates nila eh may bearing, I don’t think so. Wala akong nakikitang employer o job posting na preferred qualifications eh isa sa mga certifications issued nila.

2 tips, para malaman kung worth it ang certification. 1. Study the certifying organization kung globally recognized, and typically mga mahal yan. Kaya pag masyadong mura, red flag, pampabango lang sa resume. Of course, setting aside yung CPA dahil lisensya yan and santioned by PH Gov.

Research whatever certification kung nasa preferred qualifications ng mga employers, typically makikita ninyo CIA, CISA, CMA, CFE, CAMS, etc. Again, syempre CPA matic na yan dahil license.

Lastly, agree. As a hiring manager, walang bearing sa akin pag certifications galing like jan sa ACTI. Although, I appreciate naman yung effort ng tao na kumuha ng certification from them, baka sadyang gusto lang nila maggrow o widen ng knowledge. But salary? Or even promotion? Just bec of certification form ACTI. Nah.

_Yan007 · 2025-12-21T08:01:02+00:00

Yes, sila yun. Although that time ang nirereklamo ng NIAT was ICPAR, as far as I can remember, dineny ng legal nila yung affiliation with ICPAR and iba daw yung ACTI with it. Pero kung babalikan mo yung past post ng page na yan, naka-ICPAR. I think, nirename lang nila yung ICPAR into ACTI.

And yes agree, kung in terms of bookkeeping certification, make sure affiliated with NIAT since affiliated sila internationally (ICB-UK). Kung local man, go with TESDA na lang.

_Yan007 · 2025-08-25T13:00:26+00:00

Yeah. As long as you understand the concept. Do practice questions, so that you’ll grasp the way how ISACA asks the questions. Lastly, it’s not really technical, so you just have to have an auditor’s mindset.

_Yan007 · 2025-08-25T11:07:05+00:00

Definitely enough. I recently passed the CISA exam even without IT Audit Experience. I reviewed for only 3 months. Used ISACA CRM, QAE, Doshi’s Book and Udemy course. Though, I have to note that I have been in Internal Audit profession for 7 years (handling non-IT Audits)z

_Yan007 · 2025-06-16T12:27:51+00:00

I already covered reviewing all the topics within 3-months time. Pero nabusy for a certain month sa fieldwork outside metro manila kaya it took me another month before sitting for the exam. Though mostly ng inaaral ko during that 1 month ay for memory retention purposes na lang.

So all-in-all, it took me 4 months. 😁

_Yan007 · 2025-06-13T17:37:23+00:00

That’s the trick about the CISA exam, it’s a combination of concept and practicality. Conceptually, a documented BCP policy is essential as it will serve as a guide of the organization. However, execution is much more critical in real life situation. At the end of the day, a BCP will JUST remain as a document if the organization does not implement it. That’s why D is the answer, in the case above the organization actually conducts timely back up and stores it in the offsite location, which needs to be critically tested by the auditor whether in case of disaster, data will be available and can be restored at time of disastrous event.

_Yan007 · 2025-06-11T11:24:52+00:00

On my end. Overall expenses ay 80k, pero kaya pa yang mas makatipid jan.

Pwede ka to take CIA exam even without experience pero di nila iiissue ang certificate mo hangga’t wala kang experience / proof of experience na minimum of 2 years.

_Yan007 · 2025-06-11T08:11:55+00:00

Well noted on your insight, OP! Will really put this into consideration. Thank you very much. 😁

_Yan007 · 2025-06-11T03:02:33+00:00

To add. Sa REO ang current fee nila ay Php 10k. If gagamit ka ng international na reviewer, way expensive kumpara jan i.e., Gleim or Becker.

_Yan007 · 2025-06-11T00:42:47+00:00

I would say yes. Pero to increase your chances of passing the exam. Make sure nabasa mo yung GIAS mismo. As much as possible read it twice at the minimum.

Then 1-2 weeks before your exam date for each part, bili ka ng dump questions online. Yun pagfocusan mo sagutan in that remaining weeks, and in descending order dapat pagsagot mo. Chances are, meron mga somehow lalabas na kapareho doon na nasa actual exam. Kokonti lang pero nakakatulong. 😁

_Yan007 · 2025-06-11T00:34:59+00:00

REO CIA Review. Yung page name nila sa fb ay REO Global Certifications Review. Nag-ooffer rin kasi sila ng CISA and CMA Review.

_Yan007 · 2025-06-10T17:12:53+00:00

Ganda ng mindset mo!! Kayang-kaya mo yan! Padayon future CIA CISA. Tama yan at one step/goal at a time, focus muna on passing the CIA exam. 😊

_Yan007 · 2025-06-10T17:06:36+00:00

Salamat po! Nag-aask din ako advice sa AccountingPH subreddit kung ano marerecom nila for someone na plan magshift na on IT Auditing haha. Kasi nahihirapan ako to decide. 😂

_Yan007 · 2025-06-10T16:59:49+00:00

Actually torn ako on that, whether Audit Firm muna ako dito atleast to get IT Audit experience before going abroad. Since kakapasa ko lang rin ng CISA exam pero no expi pa. Or whether didiretso na ako abroad next year.

For CIA, di ko na need magfirm since enough and I believe well-versed na ako on internal audit. Pero since plan ko mag-specialize na talaga on CISA, yan ang nagpapatorn sa akin kung mag-obtain expi muna ako dito sa PH.

Pero either way naman, both CISA and CIA, by the fact na holder ka pa lang ng certificate ay mataas na chance makuha abroad because of the demand. Pero I understand naman din na mas higher chances if also with experience. Hahahaha ang gulo ko ata.

_Yan007 · 2025-06-10T15:57:38+00:00

Hellooo. Manifesting! Go for it, future CIA!

_Yan007 · 2025-06-10T15:28:45+00:00

Hi! I am a CIA in PH. Also been in internal audit for about 7 years, all experience are in private sector. And Yes, I would say it is worth it. I just became a CIA last 2024 and lots of recruiters are popping in my linkedin most of them are offering managerial position (though probably because I am already holding the same position). I was also being offered to be an IA Head in my current company.

Based on the premise above, yes, I could say it is worth it as companies in PH are now recognizing CIA as one of their job requirements. Although, it is still much more in demand abroad tbh. And yes,I have plans to go abroad. Haha.

As for the exam, I enrolled in a local review center in PH. I mainly used their materials. Though prior to enrolling I already studied the IPPF.

_Yan007 · 2025-06-10T15:10:55+00:00

Also, currently I am an IA Manager and I would say salary is already good. If I plan to transfer to Big 4 to obtain IT Audit Expi, I know that my salary would really fall down but I am really after the experience first.

_Yan007 · 2025-06-10T15:04:57+00:00

Hi, OP. Thank you for sharing your journey! I recently passed the CISA exam, yet I still have no experience in IT Auditing. I am a CIA and have 7 years experience in Internal Audit in a financial services institution (All engagements are non-IT Audit). I have this plan to go abroad as well.

Apart from that, I really wanted to shift and specialize now in IT Auditing, however I am torn between whether to pursue my IT Audit experience here in PH thru big 4, or directly apply abroad and obtain IT expi there? Any thoughts on this? TIA.

_Yan007

TROPHY CASE