Audit terhadap pemegang sertifikasi ISACA ( CISA, CISM, CGEIT, CRISC )

Catatan : Artikel mengenai sertifikasi CISA dan CISM dapat dilihat di Sertifikasi Profesional TI : CISA dan CISM

ISACA melakukan audit terhadap pemegang sertifikasi (CISA, CISM, CGEIT, CRISC) secara acak. Pada bulan Juli 2013, saya menerima e-mail dari ISACA bahwa saya terkena / terpilih untuk diaudit mengenai pemenuhan syarat untuk terus memegang sertifikasi CISA, khususnya pemenuhan Continuing Professional Education (CPE). Saya diminta mengirimkan bukti  atas laporan saya bahwa pada tahun 2012 lalu saya mendapatkan 35 hours of CPE. Jika saya tidak mengirimkan bukti, atau bukti yang saya kirim dinilai tidak sesuai dengan persyaratan, maka sertifikasi CISA saya akan dicabut.

Hal ini memang tercantum di dalam aturan sertifikasi sbb :


Audits of Continuing Education Hours
Those chosen for an audit must provide written evidence of previously reported activities that meet the criteria described in the Qualifying Professional Education Activities. Please send copies of supporting documentation, since documents will not be returned. The CISA Certification Committee will determine the acceptance of hours for specific professional educational activities. Those individuals who do not comply with the audit will have their CISA certification revoked
 
E-mail yang saya terima dari ISACA mengenai audit tersebut adalah sbb :

From: CISA AUDIT
Sent: Tuesday, July 23, 2013 4:09 AM
To: Dwi Kurniawan
Subject: CISA Audit Notification

     Re: Audit of 2012 CISA Continuing Professional Education Records - CISA Certification Number 
      XXXXXXX

Dear Mr. Dwi Kurniawan, CISA,CISM:

In accordance with the CISA Continuing Professional Education (CPE) Policy, each year an audit of individual compliance is performed. This email is to inform you have been randomly selected for an audit of your 2012 CPE.  A hard copy audit notification letter will be sent to you the week of 22 July 2013 reiterating this information.

Listed below are the CPE hours you reported for the 2012 period. Please provide full and complete documentation as required by the policy in support of the CPE hours reported, otherwise additional follow-up will be necessary and will delay the verification process.

       2012 CPE Hours Reported:  35.00

 For CPE hours earned that were associated with a training activity, documentation should be in the form of a letter, certificate of completion, attendance roster, Verification of Attendance form or other independent attestation of completion. At a minimum, each record should include the name of the attendee, name of the sponsoring organization, activity title, activity description, presenter name(s), activity date and location, and the number of continuing professional education hours awarded or claimed. Please see www.isaca.org/cisacpepolicy for documentation requirements of CPE hours earned in other ways.

To clearly identify that the information you are sending pertains to this audit request, supporting documentation of your 2012 CPE can be submitted to us via:

        (1) postal mail to the address below or
       (2) email, as one complete PDF document to xxxxxxx

In either case, a copy of this email or a copy of the notification letter, along with copies of your CPE documentation is required to be sent. Please note that copies of supporting documentation should be provided as documents will not be returned.

             ISACA,  Certification Audit Review Committee,  3701 Algonquin Rd., Suite 1010
            Rolling Meadows, IL  60008, USA

Please send the information by 23 August 2013.  If we do not receive a response or the support documentation by the set deadline, your CISA certification will be subject to revocation.  If you have any questions, please contact the certification department at xxxxxxxor via email at xxxxxxx.  Thank you for your prompt attention to this matter.

Sincerely,

xxxxx

     Senior Director of Certification
     ISACA: Trust in, and value from, information systems

Saya tidak kaget dengan e-mail tersebut, karena beberapa tahun yang lalu saya mendengar seorang teman saya juga terkena / terpilih untuk diaudit. Namun payahnya, meskipun sudah tahu bahwa kemungkinan saya akan terkena audit, saya sering tidak disiplin mengumpulkan bukti CPE saya. Apalagi sudah 8 tahun saya memiliki sertifikasi CISA dan CISM, belum pernah terpilih / terkena audit. Jadinya sekarang saya harus kerepotan mencari bukti tersebut….

Bukti CPE bisa berupa sertifikasi traning yang pernah kita ikuti, daftar hadir, surat keterangan dari panitia acara seminar dll. Karena beberapa kegiatan saya tidak punya sertifikat atau bukti kehadiran, maka saya kemudian minta dibuatkan surat keterangan dari panitia kegiatan. Contoh surat keterangan yang saya buat/minta adalah sbb :

                                                                                                       

      Jakarta, February 25th, 2012
     To Whom It May Concern

This is to certify that Mr. Dwi Kurniawan, CISA, CISM has attended the 9th EMEAP IT Directors’ Meeting as follow :

                     Event      :  The 9th EMEAP ITDM (Executive Meeting of East Asia Pacific                                        
                                        Central Banks Information Technology Directors’ Meeting)

                    Place       : Bali, Indonesia

                    Time        : 15th  February 2012 to 17th  February 2012 (3 days), from 9 am to 5 pm every day

                    Topics     : -  Data Center and Recovery Center

                         -    Information System Security

        Agenda : attached

                         Attendee : IT Directors and delegates from 11 EMEAP members (Bank Indonesia, Bank of Japan, Reserve Bank of Australia, Bank of Korea, People’s Bank of China, Hong Kong Monetary Authority, Reserve Bank of New Zealand, Bank Negara Malaysia, Bangko Sentral ng Pillipinas, Bank of Thailand, Monetary Authority of Singapore)

 In the event, Mr. Dwi Kurniawan, CISA, CISM joined as speaker and delegation member for the duration of the meeting.

  Yours Sincerely,

      xxxxxx
      The 9th EMEAP ITDM Committee.
      Phone : xxxxx
      e-mail : xxxxx

Saya sertakan sekalian saja foto dari acara tersebut :

Setelah itu semua bukti (sertifikat training, surat keterangan di atas dll) saya scan dan ubah ke satu file pdf dan saya kirim ke ISACA :

From: Dwi Kurniawan
Sent: Tuesday, August 13, 2013 1:51 AM
To: CISA AUDIT
Subject: RE: CISA Audit Notification

     To:   ISACA, Certification Audit Review Committee,  3701 Algonquin Rd., Suite 1010,
              Rolling Meadows,  IL  60008 USA

Re: Audit of 2012 CISA Continuing Professional Education Records - CISA Certification Number xxxxxxx

Dear Sir/Madam,

Referring to e-mail from CISA AUDIT in July 23, 2013 about CISA Audit Notification, hereby I sent supporting documentation of my 2012 CPE as attached.

Thank you for your attention.

Sincerely,

     Dwi Kurniawan, CISA, CISM

Syukurlah, sebulan kemudian ada e-mail dari ISACA bahwa saya lulus audit.

From: CISA AUDIT
Sent: Wednesday, September 18, 2013 2:07 AM
To: Dwi Kurniawan
Subject: RE: CISA Audit Notification

We have received the documentation of your 2012 CPE hours; thank you.  Upon review, the CISA committee finds that you are in compliance with the audit.  You will also be sent a hard copy letter confirming this information.

Please feel free to contact me should you have any further questions.

Sincerely,

xxxxx

         ISACA/ITGI
         Certification Assistant


Posting Terkait : Sertifikasi Profesional TI : CISA dan CISM