The IIA Qualification in Computer Auditing is now closed to new candidates. The final exam was held in November 2008.
The information below is for reference only, for anyone who would like to know what QiCA holders studied when they took this qualification.
Successful IIA Qualification in Computer Auditing students were awarded the designation QiCA, showing that they were able to:
The IIA Qualification in Computer Auditing comprised two Theory Modules and one Professional Experience Module. It was assessed by examination and students submitting a log of work experience. The content of these elements is set out below.
This module aimed to increase general understanding of the principles and practices of information systems auditing. It is recognised that auditors work in different types of computing environments so you are not required to give examples of specific hardware or software environments at this level. Those who have successfully completed the module will be able to:
The module aimed to give a detailed understanding of the principles and practices of information systems auditing at an advanced practitioner level. This module focused on some of the more technical issues. It was aimed at those who carry out 'hands-on' computer audits of a technical nature. Students were expected to provide examples and illustrations of how systems software deals with specific control issues drawn from your own experience. There were five specialist areas in the syllabus:
Those who have successfully completed the module will be able to:
IIA Qualification in Computer Auditing students also needed to keep a detailed log of their work experience for two years, showing 1600 hours computer auditing related work. They could start recording their experiences as soon as they enrolled using the log provided by the Institute. The log comprises: Basic experience showing at least 250 hours of computer auditing work including;
Specialist topics in three out of five specialist areas showing at least 250 hours work in each area;
Employers should note that an appropriate manager is asked to validate the evidence provided by students in their log.