Certified Information Systems Auditor (CISA)

The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and Control Association (ISACA). The purpose of the certification is to assist employers in hiring auditors who are skilled in measuring and assessing IT controls by affirming that a candidate possesses a baseline set of auditing skills. In order to receive the certification, applicants must pass an examination that includes sections on the following topics, among others:

  • auditing practices and techniques
  • gathering and preserving evidence in forensic investigations
  • control objectives and reporting techniques

Before an applicant is allowed to sit for the exam, he or she must already have a minimum of five years of experience in one of six information systems areas of expertise, and must be willing to sign and comply with ISACA's Code of Professional Ethics.

The six areas of expertise are:

  • Information Systems (IS) audit process
  • IT Governance
  • Systems and Infrastructure Lifecycle Management
  • IT Service Delivery and Support
  • Protection of Information Assets
  • Business Continuity and Disaster Recovery

If the candidate has enough related experience, passes the exam and signs the code, he or she will receive the certification; maintenance of the certification, however, requires that practitioners gain Continuing Professional Education credits so that their skills remain relevant to their field.

This was last updated in October 2010
