What Is a Certified Information Systems Auditor?

Certified Information Systems Auditor (CISA) refers to a designation issued by the Information Systems Audit and Control Association (ISACA). The designation is the global standard for professionals who have a career in information systems, in particular, auditing, control, and security. CISA holders demonstrate to employers that they have the knowledge, technical skills, and proficiency to meet the dynamic challenges facing modern organizations.

Understanding Certified Information Systems Auditor (CISA)

To receive a Certified Information Systems Auditor certification, candidates must pass a comprehensive exam and satisfy industry work experience requirements. Candidates must also undergo continuing education and professional development and adhere to ISACA’s Code of Professional Ethics and Information Systems Auditing Standards.

Certified Information Systems Auditor Exam

The CISA exam lasts four hours and consists of 150 multiple-choice questions. The exam tests candidates’ knowledge of five job practice domains: The Process of Auditing Information Systems; Government and Management of IT; Information Systems Acquisition, Development, and Implementation; Information Systems Operations, Maintenance and Service Management; and Protection of Information Assets. Candidates must score 450 to pass the exam. The exam is scored on a scale between 200 and 800.

Candidates have the option to sit the exam in June, September, or December in testing centers worldwide. The exam is also available in multiple languages including Chinese Mandarin (simplified and traditional), Spanish, French, Japanese, and Korean.

Certified Information Systems Auditor Work Experience Requirements

CISA candidates must have a minimum of five years of professional experience in information systems auditing, control, or security. Candidates can apply several work experience substitutions and waivers, up to a maximum of three years.

  • A maximum of one year of information systems experience OR one year of non-information systems auditing experience. (Substitutes one year of work experience.)
  • Sixty to 120 completed university semester credit hours. (Sixty credit hours substitute for one year of work experience, while 120 credit hours substitute for two years of work experience.)
  • A master’s or bachelor’s degree from a university that sponsors ISACA programs. (Substitutes one year of work experience.)
  • A master’s degree in information security or information technology from an ISACA-accredited university. (Substitutes one year of work experience.)

University instructors who have two years of experience in a related field, such as computer science, information systems auditing or accounting, can substitute that experience for one year of work experience.

Certified Information Systems Auditor Continuing Professional Education

To keep their knowledge of information systems, auditing, and control up to date, professionals who hold the CISA designation are required to undertake 20 hours of training per year and a minimum of 120 hours in a three-year period. ISACA charges an annual maintenance fee to renew the CISA certification. ISACA members pay $45, and nonmembers pay $85.