Certified Information Technology Professional
Certified Information Technology Professional (CITP) is a professional certification for professionals in the field of Information Technology. The CITP credential recognizes technical expertise across a wide range of business-technology practice areas. Qualifications of the credential encompass most general IT fields, such as system architecture, system development and management.
The credential is given to CPAs [1] only but different organisations offer these to professionals of varied qualifications. These professionals are expected to be able to assess risk, uncover fraud and perform audits within a business. Most firms that offer these certifications require an unrevoked and valid CPA licence.
Qualifications for the CITP
In some firms, CITP is offered only to those that have completed a formal exam, which includes the five CITP Body of Knowledge areas:[2]
- Risk Assessment
- Fraud Considerations
- Internal Controls & Information Technology General Controls
- Evaluate, Test and Report
- Information Management and Business Intelligence
These main topic areas have a larger field of information behind them; those applying for a qualification need a comprehensive understanding of these disciplines.
In addition, certain certifications and advanced degrees also apply. To be awarded the CITP credential, a CPA must qualify for 100 total points on the application. On the CITP Credential Application you will be asked to sign a Declaration and Intent to comply with all the requirements for CITP recertification. A percentage of CITP applications will be randomly selected for further review each year, and if selected, the applicant agrees to provide detailed documentation (including specifics of Business Experience and Lifelong Learning) to support the assertions of the application.
CITP Body of Knowledge
Those applying to for a CITP require a breadth of knowledge in the fields listed above. Each main topic has a number of specific outcomes, similar to those found in an educational syllabus. The following data comes from The American Institute of CPAs,[3] an issuer of the CITP certification, however these go much more in depth. The five fields listed above are split into seven, to simplify the understandability of the information.
Technology Strategic Planning
Technology Strategic Planning looks at the understanding of enterprise or business strategy and vision to begin with. This focuses on the business focus and the position of the business in its industry, as well as the impact of IT upon it. Technology Strategic Planning also explores the current IT environment of the business processes, as well as assessing risk of the business in IT.
Envisioning future environments as well as assessing strategic IT plans for the business is also a factor that is important in this body of knowledge.[2]
IT Architecture
IT architecture looks at the business' infrastructure, software, people and procedures as well as the data flow. This also looks at the system reliability and management, while understanding protocols, standards and enabling technologies are required as well. Application development environments are core to this topic, looking at database design, data definition, and models of dataflow.[3]
Business Process Enablement
Business Process Enablement looks at more business styled requirements, with stakeholder identification and requirements core to this topic. Business functionality and models paired with risk and business strategy add to the complexity of this topic. The impact of IT on the models of the business is something that is looked at as well, however, this is more to identify the effects of IT on the traditional business process.[3]
System Development, Acquisition, Implementation, and Project Management
System development leads to the identification of technology and its enablement of business processes. Acquisition of systems for commercial usage as well as understanding a software's System Development Life Cycle looks at requirements, risks and models again. System implementation identifies the effects of the software being implemented, while project management assesses the plans and controls of the program being implemented.[4]
Information Systems Management
Information System Management looks at assessing the IT organisation, policies and procedures, while also the operations, effectiveness and efficiencies of the business in its industry. This also assesses asset management, change control and problem management. Financial Control over IT resources looks at performance metrics and IT costs.[5]
Systems Security, Reliability, Audit and Control
Systems Security looks at reliability, controls and evaluation of a particular system in a business. While focusing on cyber security for the software in play in the business, professionals also need to understand privacy issues of the customers of the business. System Audit and Control looks at understanding system controls, testing these controls, and assessing the effectiveness of the controls.[3]
IT Governance & Regulation
Governance establishes risk thresholds for Critical Information Assets as well as establishing broad IT program principles. It also protects stakeholder interests dependent on IT.
This topic also pushes the professional to find and have a broad understanding of federal laws, rules and standards that are present in the business' operation space.[4]
CITP Multiple Entry Point System (MEP)
To be awarded the CITP Credential, a CPA must accumulate 100 total points. Total points will be earned based on business experience, lifelong learning, and, if required, the results of an examination.
Business Experience Requirement
- To be awarded the CITP credential, the candidate must earn a minimum of 25 points for business experience within the five-year period preceding the date of application.
- The maximum number of business experience points that can be earned over the preceding five-year period is 60.
- 40 hours of IT-related business experience equals approximately 1 point.
The final number of points earned in this category will be determined by a combination of the number of hours of experience and the scope of that experience. Eligible business experience must address the seven practice areas that currently comprise the CITP Body of Knowledge. Academics may count their time lecturing and teaching towards the business experience requirement.
Life Long Learning (LLL) To be awarded the CITP credential, you must also earn a minimum of 25 points in lifelong learning within the five-year period preceding the date of application. The maximum number of lifelong learning points allowed over a five-year period is 60.
The objectives of the lifelong learning requirement are twofold, to:
- Maintain your competency by requiring timely updates of existing technology knowledge and skills
- Provide a mechanism for monitoring the maintenance of your competency
The following types of lifelong learning activities are eligible for points:
- Continuing Professional Education
- Approved courses from an accredited university or college
- Other continuing education courses
- Trade association conferences
- Non-traditional learning methods self-directed reading
- Presenting
- Authoring
- Other credentials designations and certifications, advanced degrees, and committee service
Oversight
The credential is administered by the AICPA through the National Accreditation Commission via a volunteer committee and dedicated AICPA staff. The committee was formed in 2003 and initially chaired, through 2005, by MICHAEL DICKSON, CPA.CITP. He was succeeded by the current chair, Gregory LaFollette, CPA, CITP. The committee consists of six members each serving staggered three-year terms.
References
- "AICPA". AICPA. Retrieved 2020-11-07.
- Singleton, Tommie (2017-05-10). "Complete Guide to the CITP Body of Knowledge". doi:10.1002/9781119448488. Cite journal requires
|journal=
(help) - Bailey, Andrew D. (2000-01-01). "Discussion of AICPA/CICA SYSTRUST™ Principles and Criteria". Journal of Information Systems. 14 (s-1): 9–16. doi:10.2308/jis.2000.14.s-1.9. ISSN 0888-7985.
- "through Chapter 17", Information Technology Control and Audit, Second Edition, Auerbach Publications, 2004-03-29, ISBN 978-0-8493-2032-3, retrieved 2020-11-07
- "COBIT Management Guidelines", Securing an IT Organization through Governance, Risk Management, and Audit, Auerbach Publications, pp. 328–335, 2016-01-05, ISBN 978-0-429-15436-2, retrieved 2020-11-07