AICPA, ISACA Strike Cross-Certification Deal

By Forrest Whitesides

The American Institute of Certified Public Accountants (AICPA) and the Information Systems Audit and Control Association (ISACA) jointly announced that CPAs holding the Certified Information Systems Auditor (CISA) credential from ISACA are now automatically eligible to receive the AICPA’s Certified Information Technology Professional (CITP) designation if they are AICPA members.

“ISACA and the AICPA have enjoyed a strong working relationship for years,” stated Kent Anderson, a CPA and member of ISACA’s CISA Certification Board. “We appreciate the benefits the Institute offers its CITP credential holders, and we’d like our CPA/CISA members to have access to those benefits.”

“CPAs who hold the CISA designation have clearly demonstrated not only their knowledge of accounting and general business systems, but also their commitment to information technology as a CPA practice discipline,” stated Gregory LaFollette, chair of the AICPA’s CITP Credential Committee.

The CITP certification is focused on IT-related issues and is available only to CPAs. Prior to the recently announced cross-certification program, practitioners could only qualify for CITP certification by passing a computer-based exam or through an experience-based points system, according to the AICPA.

ISACA is an international organization that, in part, develops standards, guidelines and procedures for conducting information systems (IS) audits across a wide range of professions and industries, including public accounting, finance, banking and government institutions.

Joel Lanz, chair of the Society’s Technology Assurance Committee, explained that IS audits are important to ensure that a firm’s controls are being followed internally.

“Without an IT/IS audit, there is no way to be certain that a firm’s controls are reflected properly by the computer system underlying the business,” he said. “In the absence of computer-based controls, any manual control can easily be circumvented.

“Hopefully, the latest agreement between ISACA and the AICPA is a first step toward leveraging the resources of different professional associations to convince the marketplace that we, as CPAs, are the provider of choice for IT risk-management services,” Lanz added.

“This is a good move for both the AICPA and ISACA,” said Yigal Rechtman, a member of the Society’s Technology Assurance Committee. “The agreement potentially will expose more AICPA members to the COBIT framework for information technology governance and, reflexively, could bring about a greater awareness of AICPA standards to CISA-certified ISACA members.”

Rechtman added that IS auditing is a growing area of interest for CPAs in the wake of standards set forth by the Public Company Accounting Oversight Board (PCAOB).

“Now that we’re entering year two of PCAOB [compliance], IS auditing has been a real flashpoint in the profession. And it’s only going to grow from here,” he said.

For more information on IS auditing, IT governance and risk management, or other related issues as they apply to the accounting profession, contact Joel Lanz, chair of the Society’s Technology Assurance Committee at jlanz@joellanzcpa.com.