Certified Information Systems Auditor - CISA

DEFINITION of 'Certified Information Systems Auditor - CISA'

Certified Information Systems Auditor (CISA) refers to a designation issued by the Information Systems Audit and Control Association (ISACA). The designation is the global standard for professionals who have a career in information systems, in particular, auditing, control and security. CISA holders demonstrate to employers that they have the knowledge, technical skills and proficiency to meet the dynamic challenges facing modern organizations.

BREAKING DOWN 'Certified Information Systems Auditor - CISA'

To receive Certified Information Systems Auditor certification, the candidate must pass a comprehensive exam that covers five job practice domains as well as satisfy industry work experience requirements. Candidates must also undergo continuing education and professional development and adhere to the Code of Professional Ethics and ISACA’s Information Systems Auditing Standards.

Certified Information Systems Auditor Exam

The CISA exam has a duration of four hours and consists of 150 multiple-choice questions. The exam tests candidates’ knowledge of five job practice domains: The Process of Auditing Information Systems; Government and Management of IT; Information Systems Acquisition, Development and Implementation; Information Systems Operations, Maintenance and Service Management; and Protection of Information Assets. The exam is scored on a scale from 200 to 800, and candidates must score 450 to pass.

Candidates have the option to sit the exam in June, September and December in testing centers worldwide. The exam is also available in multiple languages including Chinese Mandarin Simplified, Spanish, French, Japanese and Korean.

Certified Information Systems Work Experience Requirements

CISA candidates must have a minimum of five years of professional experience in information systems auditing, control or security. Candidates can apply several work experience substitutions and waivers, up to a maximum of three years:

  • A maximum of one year of information systems experience OR one year of non-information systems auditing experience. (Substitutes one year of work experience.)

  • Sixty to 120 completed university semester credit hours. (Sixty credit hours substitute one year of work experience, while 120 credit hours substitute two years of work experience.)

  • A master’s or bachelor’s degree from a university that sponsors ISACA programs. (Substitutes one year of work experience.)

  • A master’s degree in information security or information technology from an ISACA accredited university. (Substitutes one year of work experience.)

University instructors who have two years of experience in a related field, such as computer science, information systems auditing or accounting can substitute that experience for one year of work experience.

Certified Information Systems Auditor Continuing Professional Education

To ensure professionals who hold the CISA designation keep their knowledge of information systems, auditing and control updated, they are required to undertake 20 hours of training per year and a minimum of 120 hours in a three-year period. ISACA charges an annual maintenance fee to renew the CISA certification. ISACA members pay $45, and the nonmember's fee is $85.