Barry Mulcahy
Senior Manager, ISRM M&A
CISA
I’m the Sr. Manager for ISRM Mergers and Acquisitions (M&A) reporting to the Director of IT Risk Management Seema Singh. I joined McKesson over 18 months ago, not long after the M&A team had been created. With processes still being defined and the M&A service being promoted to internal stakeholders it was an opportunity to shape the course of the group. I identified the ISACA Certified Information Systems Auditor (CISA) course as being a good fit to expand my knowledge and build on previous certifications like CISSP.
Sometimes it can be hard to relate courses back to our everyday job. This wasn’t my experience with CISA. I found the content to be directly applicable to my role in M&A and I think anyone working as a security analyst, operations manager or product development could benefit from it. As the name implies, CISA is centred around the Audit function but it’s certainly not just for auditors. For the rest of us, it provides understanding of the audit process and better prepares us to be on the receiving end of an audit. The rigorous and structured nature of a good audit should be reflected in a team’s processes and that process maturity should grow to match audit expectations. I’ve brought those lessons back to M&A so that we can better anticipate audit touchpoints and also apply them to the due diligence assessment of companies we’re considering as a potential acquisition (a double win!).
Undertaking this type of course can be daunting, there’s quite a lot of content (CISA has five domains) and a high failure rate (CISA is estimated at 50% average pass/fail rate). I would advise finding some like-minded people to help keep focused and set time in your calendar each week dedicated to study. It’s so easy to start studying and let it trail off wasting that initial effort and good intentions. I was lucky in Cork with 5 other ISRM staff taking up the CISA challenge and becoming study-buddies. Covering course content in your own time is key then coming together weekly for tricky topics and questions. Pluralsight has some good videos and getting some question sets is really useful, especially coming up to the exam to understand the question style and areas of difficulty. I’m proud to say all six of us in McK passed the first time of asking. My CISA exam results were good enough to place me in the Ireland Top 3 for 2019.
Continuing education is crucial to your professional development and this type of certification can be found in most ISRM job descriptions so it’s a solid investment in staff and for your future. That reminds me, I need to look at what’s in CISM next . . .
Barry Mulcahy Ph.D. CISSP CISA