ISACA CISA Exam (ISACA CISA (Certified Information Systems Auditor)) Detailed Information
Certified Information Systems Auditor (CISA)
Enhance your career by earning CISA—world-renowned as the standard of achievement for those who audit, control, monitor and assess information technology and business systems.
Boost Your Credentials and Gain a Competitive Edge
The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are able to assess vulnerabilities, report on compliance and institute controls within the enterprise.
How to Earn Your CISA
To learn more about obtaining your CISA, click on the steps below.
Step 1: Register for the Exam
Step 2: Prepare for the Exam
Step 3: Take the Exam
Step 4: Apply for Certification
Step 5: Maintain a Certification
How to Become CISA
The CISA designation is awarded to individuals with an interest in Information Systems auditing, control and security who meet the following requirements:
Successful completion of the CISA
Submit an Application for CISA
Adherence to the Code of Professional Ethics
Adherence to the Continuing Professional Education Program
Compliance with the Information Systems Auditing Standards
1. Successful completion of the CISA
The examination is open to all individuals who have an interest in information systems audit, control and security. All are encouraged to work toward and take the examination. Successful examination candidates will be sent all information required to apply for certification with their notification of a passing score. For a more detailed description of the exam see CISA Certification Job Practice. Also, CISA Exam Preparation resources are available through the association and many chapters host CISA Exam Review Courses (contact your local chapter).
2. Submit an Application for CISA
Once a CISA candidate has passed the CISA certification exam and has met the work experience requirements, the final step is to complete and submit a CISA Application for Certification. A minimum of 5 years of professional information systems auditing, control or security work experience (as described in the CISA job practice areas) is required for certification. Substitutions and waivers of such experience, to a maximum of 3 years, may be obtained as follows:
A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience.
60 to 120 completed university semester credit hours (the equivalent of a 2-year or 4-year degree), not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
A bachelor's or master's degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if 3 years of experience substitution and educational waiver have already been claimed.
A master's degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
Exception: 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for 1 year of experience.
As an example, at a minimum (assuming a 2-year waiver of experience by substituting 120 university credits), an applicant must have 3 years of actual work experience. This experience can be completed by:
3 years of IS audit, control, assurance or security experience
2 years of IS audit, control, assurance or security experience and 1 full year of non-IS audit or IS experience or 2 years as a full-time university instructor.
It is important to note that many individuals choose to take the CISA exam prior to meeting the experience requirements. This practice is acceptable and encouraged although the CISA designation will not be awarded until all requirements are met.
The work experience for CISA certification must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam. The CISA Application for Certification is available at www.isaca.org/CISAapp. Note that candidates have 5 years from the passing date to apply for certification.
3. Adherence to the Code of Professional Ethics
Members of ISACA and/or holders of the CISA designation agree to a Code of Professional Ethics to guide professional and personal conduct.
4. Adherence to the Continuing Professional Education (CPE) Program
The objectives of the continuing education program are to:
Maintain an individual's competency by requiring the update of existing knowledge and skills in the areas of information systems auditing, control or security.
Provide a means to differentiate between qualified CISAs and those who have not met the requirements for continuation of their certification
Provide a mechanism for monitoring information systems audit, control and security professionals' maintenance of their competency
Aid top management in developing sound information systems audit, control and security functions by providing criteria for personnel selection and development
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.
View the complete Continuing Professional Education Policy.
5. Compliance with the Information Systems Auditing Standards
Individuals holding the CISA designation agree to adhere to the Information Systems Auditing Standards as adopted by ISACA.
ISACA Certification: IT Audit, Security, Governance and Risk
Earn an ISACA certification and enhance your professional credibility. A CISA, CISM, CGEIT or CRISC after your name confirms to employers that you possess the experience and knowledge to meet the challenges of the modern enterprise.
Get recognized as an expert in your profession
With a globally recognized ISACA certification, you hold the power to move ahead in your career, increase your earning potential and add value to any enterprise.
Are you newly certified? Share your success: contact firstname.lastname@example.org for customizable communications.
ISACA offers the following certifications:
Certified Information Systems Auditor
The CISA certification is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems. The recent quarterly IT Skills and Certifications Pay Index (ITSCPI) from Foote Partners ranked CISA among the most sought-after and highest-paying IT certifications.
Job Practice Area
A job practice serves as the basis for the exam and the experience requirements to earn the CISA certification. This job practice consists of task and knowledge statements, organized by domains.
ISACA has prepared a variety of study resources in various languages to fully prepare for your CISA Exam. These include primary references, publications, articles, the ISACA Journal and other links.
ISACA eLearning Campus offers a variety of online learning courses for certification exam preparation and continuing professional education.
ISACA chapters in numerous countries offer CISA Review courses. View the Review Course list to determine if there is a course in your area, or contact your local chapter for additional courses.
Exam Preparation Community
ISACA created the CISA exam preparation community as a place for current CISA exam registrants to collaborate and study with other registrants within the ISACA environment.
ISACA Singapore Chapter has developed a 5-day weekend Review Course and Mock Test (100 questions) to help you with final week preparations for your certification exam. The training is designed to provide an overview of the exam, including domains covered, format, structure and the testing approach.
The review course would be followed by a mock test (100 questions) for the purpose of assessing your preparations towards successfully passing the upcoming certification Exam. Learn specific strategies, techniques and tips for taking and passing the exam. The course uses lectures, group discussions and facilitator presentations, as well as self-assessment. Earn up to 20 continuing professional education (CPE) hours that may be applicable to your current certifications.
Weekend Review Workshop
- Gain an understanding of the format and structure of the CISA
- Understand the various topics and technical areas covered by the exam
- Learn specific strategies, tips and techniques for taking and passing the exam
- Understand the testing approach
- Execute practice questions with detailed debriefs of answers
- Self assessment to test your readiness during CISA exam mock test
For more information on CISA, please visit: http://www.cvent.com/d/sfqhbk
CPE Credits: 20
Members: S$500 (Early Bird)
Nonmembers: S$600 (Early Bird)
Certified in Risk and Information Systems Control (CRISC)
Certified in Risk and Information Systems Control (CRISC) is an advanced certification introduced in 2010 by ISACA, and designed for IT and business professionals who identify and manage risks through the development, implementation and maintenance of appropriate information systems (IS) controls.
CRISC is designed for experienced professionals, who can demonstrate 5 or more years of IT or business experience, and at least 3 years of experience in the CRISC focus areas. It also requires passing a 4-hour test, designed to evaluate an applicant's understanding of risk and information systems controls.
The professional experience and knowledge requirements are grouped into 5 job practice domains:
Domain 1 — Risk identification, assessment and evaluation
Domain 2 — Risk response
Domain 3 — Risk monitoring
Domain 4 — IS control design and implementation
Domain 5 — IS control monitoring and maintenance
Relationship with other ISACA certifications
CRISC is intended to complement ISACA’s three existing certifications.
CRISC is for IT and business professionals who are engaged at an operational level to mitigate risk while Certified in the Governance of Enterprise IT (CGEIT) is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management;
CRISC is for IT and business professionals who design, implement and maintain IS controls while CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness;
CRISC is for IT professionals whose roles encompass security, operational and compliance considerations, while CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks.