Certified Information Systems Auditor (CISA)

Contributor(s): Taina Teravainen

Certified Information Systems Auditor (CISA) is a certification issued by ISACA for the people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected. The CISA certification is a globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting technology controls in an enterprise environment. It is designed for IT auditors, audit managers, consultants and security professionals.

In order to become CISA certified, applicants must pass the CISA examination with a score of 450 or higher (scored on a scale of 200 to 800) and possess a minimum of five years of professional experience in the fields of information systems auditing, control, assurance or security. The work experience must have been within the 10 years prior to a candidate's application submission or within five years of a passed CISA exam. Certain substitutions and waivers may be applied. The candidate must also adhere to ISACA's Code of Professional Ethics and Information Systems Auditing Standards. Once these criteria are met, the candidate can apply for certification.

The CISA exam is four hours long and consists of 150 multiple-choice questions set around five job practice domains:

The exam is administered in June, September and December in testing locations worldwide. Besides English, it is also offered in other languages, including Chinese Mandarin Simplified, French, Japanese, Korean and Spanish.

After achieving CISA certification, CISAs must maintain it by undergoing 20 hours of training per year and a minimum of 120 hours in a three-year period. This training is to ensure that CISAs stay up to date and proficient in their fields.

Attaining CISA certification is considered beneficial as it is accepted by employers worldwide and is often requested for IT audit and security management positions. Although ISACA no longer releases statistics on the number of applicants who pass the CISA exam, it is widely reported that approximately 50% of those taking the exam receive a passing grade.

This was last updated in August 2016

Join the conversation


Till 12/2013 I worked as senior auditor in IA&AD and in 12/2013 got promotion as supervisor. As Sr.Ar. worked in IT section and handled the section single-handed for 2 years. Audited IDPL, PTL, ECIL, BHEL. Can I undertake this course?
You can view the CISA guidelines here.
Are there any other certifications an information security auditor should consider in addition to the CISA? If so, which ones?

