It’s a popular notion that everyone embellishes their resume to some extent. Yes, there is probably some truth to that statement. Now and then we hear a news story about people “padding their resumes”, and once in a while we hear a story about some industry or civic leader who is compelled to resign their position because they don’t have that diploma they claimed to have on their resume.
Your resume needs to be truthful. In the information security profession, the nature of our responsibility and our codes of ethics require a high standard of professional integrity. More than in many other professions, we should not ever stretch the truth on our resume, or in any other written statements about ourselves. Not even a little bit. Those “little white lies” will haunt us relentlessly, and the cost could be even higher if we are found out.
– first draft excerpt from Getting An Information Security Job For Dummies
Peter H. Gregory 
Peter, I agree 100%. One of my pet gripes is people who claim to have certifications that they don’t! For example, a person is only CISM certified when they have passed the exam and when ISACA have verified their experience. To claim to be CISM certified before both those activities are complete is misleading at best and dishonest at worst. I cannot afford either in my team.
If you are a candidate in this position write something like ‘CISM – exam passed, awaiting full certification’ on your resume – at least this gives me a balanced and fair view. You have done well to pass the exam and are in process for your certification. That is positive and I’d probably interview you.