All That You Should Know About Becoming CISA Certified

The Certified Information Systems Auditor or CISA certification is among the most well-known qualifications worldwide for IS audit assurance, control, and security professionals. The CISA certification is awarded by ISACA, one of the world’s leading associations of information systems audit, security, assurance, privacy, risk, and governance professionals, which was established in 1969 and has now grown to have a presence in 180 countries with more than 140,000 members. The CISA certification has been very well accepted by the industry, and more than 27,000 IT professionals appear for the exam every year. As per, today there are more than 115,000 CISA-certified professionals globally.


Steps in Becoming CISA Certified

Successfully appear for the CISA exam: All individuals who are interested in the audit of information systems, its security, and control can appear for the CISA exam. Candidates who are successful are notified of their passing score along with all the information that is needed to apply for the certification. For details on what the test is, you can consult the CISA Certification Job Practice chapter on the CISA website. You can also get detailed information on the scope of the test from the websites of the private institutions that impart the necessary training and education. CISA Exam Review Courses are also hosted by many of the CISA local chapters.

The CISA exam has 150 multiple-choice questions that have to be attempted in four hours. The exam covers five areas of audit, security, and control, each of which is detailed through task and knowledge statements. The point scale of the CISA exam is 200-800 and the pass mark is set to 450; however, candidates should note that the raw score is converted to a scaled score. The perfect score of 800 represents a situation where all 150 questions have been answered correctly by the candidate. A scaled score of 450 represents the minimum standard that has been established by the ISACA Certification Committee. All candidates appearing for the exam receive an indication that they have either passed or failed right on their computer screens at the conclusion of the exam. The official results are communicated via email within 10 working days thereafter.

Apply for the CISA certification: After candidates have passed the CISA certification exam and ensured that they meet all the work experience requirements, they should complete and submit the application for the CISA certification. CISA requires you to have at least five years of experience in the audit or control of professional information systems or security; the CISA job practice areas specify the details of such experience.

Permitted Substitution of Experience

CISA also allows the experience to be substituted or even waived if there is any need; however, this is subject to a maximum of three years. It is possible to substitute a maximum of one year of non-IS auditing or information systems experience for one year of experience. Candidates who have the equivalent of a two-year or a four-year degree (60-120 semester credit hours) can substitute 1 to 2 years of experience. Candidates with a bachelor’s or master’s degree from a university following the model curricula sponsored by ISACA are eligible to substitute one year of experience. A list of these universities is available on the ISACA website. This substitution option cannot be used if three years of experience waiver/substitution have already been claimed by other methods by the candidate.

CISA also allows one year of experience to be substituted by a master’s degree in information technology or information security from an accredited university. It also allows university instructors with two years of experience in a related field like information systems audit, accounting, computer science, etc. to substitute one year of experience. It is a common practice for many individuals to take the CISA exam even before they have the experience eligibility. While CISA finds this practice acceptable and even encourages candidates to do so, it needs to be made clear that the CISA designation is only awarded after all the requirements are met by the candidate. CISA mandates that the required work experience has to be within a 10-year window preceding the date of application for the certification or within five years of actually having passed the CISA exam.

Continuing Professional Education (CPE) Program Adherence

As per CISA certification requirements, those who have earned a CISA certification have to adhere to its continuing professional education program guidelines. These guidelines have been constructed to maintain the competency of CISA certificate holders with updated knowledge and skills in the areas of the audit of information systems, control, and security. The CPE program also provides a means to differentiate between CISA professionals who have taken the trouble of keeping themselves updated and those who have ignored the requirements of keeping their certification valid. The CPE program also provides the necessary mechanism for monitoring the competency of CISA professionals. The program also gives the top management of organizations discerning criteria for the selection and development of cybersecurity personnel, which in turn paves the way for robust information system audit, security, and control. CISA professionals need to pay the necessary maintenance fees for keeping the certification valid in addition to devoting a minimum of 20 hours annually to CPE, subject to 120 contact hours in a three-year period. Normally, no documentation has to be submitted by the candidate to support their CPE hours, unless specifically called on by ISACA to do so. The CPE reporting system is now online, so certified individuals can report their CPE hours as and when they are earned.

Additionally, CISA professionals must comply with the Information Systems Auditing Standards as accepted by ISACA and are expected to hold fast to the code of professional ethics.


CISA, a globally recognized certification for audit and IT security professionals, is extremely beneficial for candidates who want to put their careers on a fast growth path. CISA-certified IT professionals possess superior skills that lead to rapid career advancement and higher remuneration. Becoming CISA certified is a very good way of keeping updated with the latest in cyber technology and security practices.