What is CA DISA?
The Diploma in Information Systems Audit (DISA) is a post-qualification certificate course offered by the Institute of Chartered Accountants of India (ICAI). It equips Chartered Accountants with the knowledge and skills to conduct Information Systems audits, cybersecurity assessments, and digital forensics engagements.
DISA has become increasingly important as companies move toward digital operations and regulators require specialised IT audit expertise. Many CA firms now treat DISA as a prerequisite for IS audit engagements.
Who Should Pursue CA DISA?
- CAs in practice handling statutory audits of technology-intensive companies
- CAs in industry managing IT governance and internal controls
- CAs looking to specialise in cybersecurity, forensic accounting, or digital audit
- CAs seeking to expand their service portfolio to IS audit and ERP review engagements
DISA is open to all members of ICAI (Associate or Fellow). You must be a member of ICAI to register; it is not open to students or those who have not cleared the CA Final examination.
Exam Structure and Pattern
- Study Material: 9 modules covering IT Governance, IT Infrastructure, IS Audit, Business Continuity, Cybersecurity and more
- Online Examination: Computer-based test (CBT) format, 100 objective questions (MCQs) for 100 marks
- Pass Criteria: Minimum 50% (50 marks out of 100) to pass
- Duration: 2 hours for the online exam
- Exam Windows: Conducted by ICAI at designated test centres across India on scheduled dates
Complete Syllabus Overview
Module 1: Concepts of Governance and Management of IT
IT Governance frameworks (COBIT, ISO 38500), IT strategic alignment, value delivery, risk management, resource management, performance measurement.
Module 2: Information Systems Concepts
Types of information systems, ERP systems and their audit implications, database management systems, data warehousing and business intelligence.
Module 3: Protection of Information Systems
Information security frameworks (ISO 27001), access controls, logical and physical security, encryption, identity and access management, vulnerability management.
Module 4: Business Continuity Planning and Disaster Recovery
BCP concepts, RTO and RPO, disaster recovery strategies, backup and restoration procedures, BCP testing and maintenance.
Module 5: Acquisition, Development and Implementation of Information Systems
SDLC phases and controls, project management frameworks, change management, testing methodologies, application controls.
Module 6: Auditing IT Governance and Management
IS audit standards and guidelines, ISACA standards, audit planning, risk assessment in IS audit, audit evidence and documentation.
Module 7: Auditing Information Systems Infrastructure and Operations
Infrastructure audit: servers, networks, databases, operating systems, cloud environments, virtualisation.
Module 8: Auditing Application Controls and Business Cycles
Application controls in financial systems, ERP audit (SAP/Oracle), audit of specific business cycles (procure-to-pay, order-to-cash, financial close).
Module 9: Auditing Emerging Technologies
Cloud computing audit, cybersecurity audit, blockchain, AI/ML risks, digital forensics, mobile and IoT security.
Recommended Study Approach
Phase 1: Foundation (Weeks 1-4)
Start with Modules 1, 2, and 6; these provide the conceptual framework for everything else. Read the ICAI study material carefully; it is the primary source for the exam. Pay particular attention to definitions, frameworks, and their acronyms (COBIT, COSO, ITIL, ISO standards).
Phase 2: Core Audit Modules (Weeks 5-8)
Cover Modules 3, 4, 5, 7, and 8. These are the highest-weightage modules in the exam. Focus on understanding audit procedures, not just concepts. For ERP sections, relate the concepts to real audit scenarios; this helps with application-level MCQs.
Phase 3: Emerging Technologies + Revision (Weeks 9-10)
Complete Module 9 on emerging technologies; this is a growing area in DISA exams. Then spend the final two weeks on MCQ practice and revision. Aim for 30-50 MCQs per day in the final week.
Key Tips to Pass CA DISA
- Read ICAI material first: Questions are directly derived from ICAI study material, so third-party notes should be supplementary, not primary
- Focus on acronyms and full forms: DISA MCQs frequently test definitions and full forms of standards and frameworks
- Understand the "why" behind controls: Application-level questions require understanding, not just memorisation
- Daily MCQ practice: Consistent daily practice builds pattern recognition for the CBT format; this is where Knolby's WhatsApp MCQ delivery excels
- Simulate exam conditions: Practice 100 questions in 2 hours before the exam; time management is critical in the CBT
Common Mistakes to Avoid
- Underestimating Module 9 (Emerging Technologies): its weight has increased in recent years
- Memorising without understanding: application MCQs punish rote learning
- Ignoring ISACA standards mentioned in the ICAI material
- Starting MCQ practice too late: you need at least 2 weeks of intensive MCQ practice before the exam
After CA DISA: Career Opportunities
DISA opens doors to specialised IS audit engagements: SAP audit, cybersecurity audit, data privacy compliance (DPDP Act, GDPR), RBI IT audit for banks and NBFCs, and system control reviews for listed companies. Many Big 4 and mid-sized firms seek DISA-qualified CAs for their Technology Risk and IT Advisory practices.
