You’ve just gotten an email from a potential vendor looking to make a connection.  In their signature, following their name is a list of five abbreviations, all intended to make them appear qualified, reputable, and knowledgeable.   But what do they actually mean?  Are they relevant to the service you are trying to procure? 

A pilot’s license is crucial for a commercial airline pilot but irrelevant for practicing law.  Similarly, technical certifications are outstanding for your IT department, but not so relevant when looking for someone to issue a Service Organization Control (SOC) Report

If you need to provide a SOC Report  to your clients or customers, no matter the version you need, you’ll need a CPA.  Other organizations may require very specialized certifications, such as Pulse and STAR requiring a CTGA (Certified TR-39 Auditor) to perform ATM and PCI Pin compliance audits.  

Who issues certifications for cyber risk management professionals?

Everyone’s heard a story about someone getting ordained by an internet church in order to be able to officiate a wedding. However, when it comes to mission critical work being performed for your firm, you want to make sure the certifying organization is established, creditable, and respected.

ISACA is the standard for IT governance certifications. Here are a few ISACA certifications you should be aware of:

  • Certified Information Systems Auditor (CISA) is a globally recognized certification for IT audit control, assurance, and security.
  • Certified in Risk and Information Systems Control (CRISC) is for IT professionals focused on IT and enterprise risk management.
  • Certified in the Governance of Enterprise IT (CGEIT) is a management to C-suite level certification focused on enterprise IT governance principles and practices, as well as strategic alignment.

The American Institute of Certified Public Accountants (AICPA) offers the Certified Information Technology Professional (CITP).  This certification is only available to CPAs, and focuses on combining information assurance and business insight to bridge management and technology.  The CITP certification demonstrates that the CPA has a deep understanding of technology, including the ability to understand the technology risks that can impact financial statements, perform data analytics to reveal vital insights for business plans, and evaluate security programs and policies.

While certification is important, its equally as important to understand the experience of the individual.

Certifications ensure a baseline knowledge and understanding, but experience matters.  If you need heart surgery, would you choose the young doctor who just finished his residency, or the seasoned journeyman surgeon who has completed hundreds of successful operations? 

Certifications are not one size fits all.  Your organization has unique needs, challenges, and opportunities.  Make sure that those you entrust with access to your financial and technology systems have the appropriate credentials, experience, and depth of knowledge.  Evaluating and selecting the appropriate vendor for each business need will have concrete, measurable results.


Subscribe to HORNE Cyber Blog



Mike is the partner in charge for HORNE Cyber. His primary focus is to enable clients to fully leverage technology innovations by providing the insights critical to safeguarding their business, customers’ critical data and brand reputation. He is responsible for information technology audit, regulatory compliance, information security consulting, internal control consulting and business solution implementation.

Find me on: