CISA vs CIA: Which Auditing Certification Is Better for Your Career?

CISA vs CIA: which of these auditing certifications should you pursue? You want the best possible credentials for your future career so you can land your dream job. But the question is: What are the ideal credentials? The Certified Internal Auditor (CIA) and the Certified Information Systems Auditor (CISA) accreditations are both very good options, but they’re not the same. In a nutshell, the CIA is for generalists, while the CISA is for specialists. So, the one you need depends on the job you want. And this comparison of both can help you choose the best auditing certification for you.

My CIA CISA Comparison at a Glance

| | CIA | CISA |
|---|---|---|
| Focus & Recognition | | |
| Focus | General internal audit | Information technology audit |
| Overall recognition | | |
| Industry recognition | | |
| Exam Requirements | | |
| Entry barrier | Bachelor’s degree (waiver available) | none |
| Standard amount of experience required | 2 years | 5 years |
| Minimum amount of specialty experience required | 1 year of internal auditing | 2 years of IT audit |
| Exam Format | | |
| Exam availability | Throughout the year | 3 days per year |
| Total testing time for all exam parts (hours) | 6.5 | 4 |
| Number of exam parts/levels | 3 | 1 |
| Latest pass rates | 40% | Unknown (~50%) |
| Estimated expenses (U.S. $) | $1,000 – 2,000 | ~$1,000 – 1,500 |

CISA vs CIA: Is the CIA Worthwhile?

The Institute of Internal Auditors (IIA) awards the CIA certificate. The IIA is an international professional association with over 185,000 members worldwide. Founded in 1941, the IIA is also the chief advocate and global voice of the internal audit profession. So, thanks to the IIA, the internal audit industry highly respects the CIA. Additionally, any company that hires internal auditors will recognize the value of the CIA.

The benefits of the CIA certification are numerous. They include:

  • A higher income
  • More job opportunities
  • Greater job security
  • Increased skills and abilities
  • Heightened respect and admiration
  • International perks

If you’d like to be an internal auditor but don’t plan to have a specialization, then the CIA would be a good certification for you. The CIA is also the perfect auditing credential if you seek to conduct internal auditing from a management role within a corporation. Furthermore, when you combine the CIA with the Certified Public Accountant (CPA) license, you have exactly what you need to qualify for senior positions such as the head of internal audit or Chief Audit Executive (CAE).

CIA vs CISA: Is CISA Worth It?

The Information Systems Audit and Control Association (ISACA) grants the CISA, which is the gold standard certification for IT auditors. What’s more, the ISACA has a presence in 188 countries and has certified more than 150,000 auditors since 1978.

Rather than the heavy bank ledgers of yesteryear, today’s auditors rely on technology to complete their processes and procedures. For this reason, IT auditors are in increasingly high demand. Consequently, large financial institutions frequently search for CISAs to fulfill positions in audit and IT risk management. The industry also prefers CISAs for information systems audit and data security positions.

So, the advantages of having the CISA include:

Another reason to prioritize the CISA over the CIA is the fact that the costs of earning the CISA are usually lower than those of earning the CIA. The CISA exam is more affordable than the CIA exam because while CISA testing costs around $1,500, CIA exam fees can add up to approximately $2,000.

Therefore, if you want to enter the IT auditing industry, then you’ll want to get the CISA certification.

CIA or CISA: What Are Your Career Prospects?

As we’ve mentioned, both the CIA and the CISA can lead you to good jobs that make good money. So, how will a career with the CIA look different than a career with the CISA?

Promotional Opportunities

Well, for starters, the CIA is more widely recognized in the internal audit industry. Therefore, it is usually the certification that takes you to the top of the company. For example, with the CIA, you can be the Chief Audit Executive, Chief Financial Officer, Controller, Finance Director, Internal Audit Director, or Vice President of Internal Audit. So, basically, the CIA lets you go as far as you want within a company. On the other hand, the CISA certification tends to leave its holders with promotional limits. Consequently, the highest roles for CISAs are IT Audit Manager, IT Project Manager, IT Security Officer, IT Consultant, IT Risk and Assurance Manager, Privacy Officer, and Chief Information Officer.

Earning Potential

However, what the CISA lacks in leadership capacity, it makes up for in financial compensation. Typically, a specialized auditor makes more than a general auditor. For this reason, CISA certificate holders (IT audit professionals) can be so well paid that they earn more than CIA certificate holders. So, in comparable roles, such as the position of manager in corporate accounting, a CIA can make anywhere from $134,500-$157,500, while a CISA earns somewhere between $108,000-$166,000.

Job Options

However, the fact that the CISA applies to a specialization means that you won’t find quite as many job opportunities available to CISAs as to CIAs. In fact, the full list of jobs you can get as a CISA includes:

  • Internal auditor
  • Public accounting auditor
  • IS analyst
  • IT audit manager
  • IT project manager
  • Network operation security engineer
  • Cybersecurity professional
  • IT consultant
  • IT risk and assurance manager
  • Privacy officer
  • IT security officer
  • Chief information officer

Understandably, CIAs are not so limited. Instead, they can hold these roles and more:

  • Auditing specialist
  • Compliance auditor
  • Financial analyst
  • Information systems auditor
  • Internal controls auditor
  • Lead internal auditor
  • Risk assessment specialist
  • Audit manager
  • Internal audit director
  • Risk manager
  • Senior internal auditor
  • Chief Audit Executive
  • Chief Financial Officer
  • Controller
  • Finance Director
  • Internal Audit Director
  • Vice President of Internal Audit

Ultimately, factors such as company size, industry, and region affect your job and salary options a bit more than your certification. However, either the CIA or the CISA can set you up for a highly successful internal audit career.

CISA vs CIA Certificate: How Do You Qualify?

Earning either the CISA or the CIA is quite a process. Both certifications require candidates to meet a series of demands before they can assume either title.

CIA Requirements

The IIA has established several CIA requirements for candidates, including:

  • Education: You must have an associate’s degree or higher
  • Experience: You must have at least 1 year of professional experience depending on your level of education.
  • Exam: You must pass all 3 parts of the CIA exam.

The amount of experience you need depends on your level of education. So, the more education you have, the less experience you will need. However, if you don’t have any higher education, you can satisfy the education requirement with 7 years of IIA-approved experience. Furthermore, if you’re an ACCA member or CPA license holder, you can qualify for CIA requirement exemptions.

Other minor CIA requirements include providing proof of identification, submitting a character reference, maintaining exam confidentiality, fulfilling the requirements within the eligibility period, upholding the code of ethics, and earning annual continuing professional education (CPE) credits.

CISA Requirements

The ISACA also expects candidates to meet several CISA requirements, including:

  • Exam: You must pass the CISA exam
  • Experience: You must have 5 years of professional information systems auditing, control, or security work experience

Though the ISACA asks for a lot of experience, they also give candidates several opportunities to waive some of that experience with other qualifications. For example, you can substitute 1 year in information system work, 1 year in non-IS auditing, or 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) for 1 year of experience in professional information systems auditing, control, or security.

You can also use 60 credit hours (2-year degree) from a university, a bachelor’s or master’s degree from a university that enforces the ISACA-sponsored Model Curricula, or a master’s degree in information security or information technology from an accredited university to reduce the experience requirement by 1 year.

To shave off 2 years of the experience requirement and cut those 5 years down to 3, simply present the ISACA with 120 credit hours (4-year degree) from a university, current ACCA membership, or the full CIMA certification. Finally, you can receive a 3-year waiver for possessing a master’s degree in information systems or a related field.

You can also submit other degrees, qualifications, and credentials with a significant information systems auditing, control, assurance, or security component to the CISA Certification Committee for consideration.

Exam Timing

Both the IIA and the ISACA allow candidates to take the CIA or the CISA exam before meeting the experience requirement.

For the CIA, you must meet all of the certification requirements within 3 years of receiving approval into the CIA program. And for the CISA, you must acquire your work experience within 10 years before you apply for the CISA or within 5 years of passing the CISA exam.

In either case, you must submit the appropriate documentation proving you’ve met the experience requirement before you can receive the certification.

CISA or CIA: What Are the Exams Like?

Both the CIA exam and the CISA exam seek to serve a similar purpose. They intend to test your proficiency in the principles of internal auditing and verify your ability to perform the duties of an auditor efficiently, effectively, and thoroughly. However, the format and syllabus of these exams differ.

CIA Exam

Since the most recent release of CIA exam changes, the 3 parts of the IIA CIA exam cover the following content areas:

  1. Essentials of Internal Auditing
    1. Foundations of Internal Auditing (15%)
    2. Independence and Objectivity (15%)
    3. Proficiency and Due Professional Care (18%)
    4. Quality Assurance and Improvement Program (7%)
    5. Governance, Risk Management, and Control (35%)
    6. Fraud Risks (10%)
  2. Practice of Internal Auditing
    1. Managing the Internal Audit Activity (20%)
    2. Planning the Engagement (20%)
    3. Performing the Engagement (40%)
    4. Communicating Engagement Results and Monitoring Progress (20%)
  3. Business Knowledge for Internal Auditing
    1. Business Acumen (35%)
    2. Information Security (25%)
    3. Information Technology (20%)
    4. Financial Management (20%)

The CIA exam’s coverage of internal auditing is fairly broad. Therefore, Part 3 is the only part that really shares the same focus as the CISA exam.

Additionally, each of the 3 CIA exam parts presents candidates with a certain number of multiple-choice questions that candidates must answer within the testing time limit:

| Exam Part | Number of Questions | Total Testing Time |
|---|---|---|
| 1 | 125 | 150 minutes (2.5 hours) |
| 2 | | 120 minutes (2 hours) |
| 3 | | 120 minutes (2 hours) |

CISA Exam

The ISACA CISA exam has 1 part featuring 5 domains. These domains address the following areas:

  • 1: Information System Auditing Process (21%)
  • 2: Governance and Management of IT (17%)
  • 3: Information Systems Acquisition, Development, and Implementation (12%)
  • 4: Information Systems Operations and Business Resilience (23%)
  • 5: Protection of Information Assets (27%)

As you can see, the CISA exam places a great deal of emphasis on information systems, as one would expect from a specialist exam. The exam only devotes 21% of its content to the general information systems auditing process.

Furthermore, the CISA exam contains 150 multiple-choice questions that candidates must answer in 240 minutes (4 hours).

CISA vs CIA Difficulty: Which Exam Is Easier?

Because the size and scope of these 2 exams differ, can we compare the CIA exam difficulty to the CISA exam difficulty? Well, we can try.


CISA Exam

As mentioned, the CISA exam has only 1 part and concentrates on only 1 aspect of internal auditing (IT auditing). Therefore, many people find this exam to be easy enough. The typical candidate can prepare for and pass the CISA exam in just 6 months. What’s more, if your current work involves IT auditing, you may even be ready to pass in as few as 1-2 months. Furthermore, thanks to the fact that the CISA exam is now available 365 days a year, you can finish the exam process faster than ever.

CIA Exam

In contrast to the 1-6 months required to pass the CISA exam, preparing for and passing the CIA exam can take about 12 months. Again, the CIA exam encompasses a greater variety of internal auditing topics and therefore has 3 parts, not just 1.

For these reasons, studying for the CIA exam involves a bit more time and effort than studying for the CISA exam. For example, if you study for at least 10 hours a week, studying for each CIA exam part can take anywhere from 3-10 weeks, depending on the part. So, if you study for 2-3 months and give yourself a short break between exam parts, then you’ll find that passing the CIA exam can take the better part of a year.

And if you fail a CIA exam part, the process can take longer. Unfortunately, having to take more exam parts increases the odds of failure. And, according to the average CIA exam pass rate of 41%, failing is a common occurrence among CIA candidates. Therefore, the CIA exam seems to be fairly difficult. However, if you study well with the right materials, you can pass it.

CIA CISA Languages: What Are Your Testing Options?

Good news for international candidates: If you aren’t completely comfortable with your fluency in business English, you’ll appreciate the fact that both the CIA and the CISA exams are available in many different languages. However, you should know that the certification process for non-English language exams varies. Therefore, you should visit the IIA or ISACA website for your country so you can discover what the procedure will be like for you.


CISA Exam

You can take the CISA exam in 10 different languages: Traditional Chinese, Simplified Chinese, English, French, German, Italian, Korean, Japanese, Spanish, and Turkish.

CIA Exam

Currently, candidates can take the CIA exam in 19 languages: Arabic, traditional Chinese, simplified Chinese, Czech, English, Estonian, French, German, Hebrew, Indonesian, Italian, Japanese, Korean, Polish, Portuguese, Russian, Spanish, Turkish, and Thai.

However, the current English version of the CIA exam reflects the recent exam changes. The other languages will receive the latest exam updates on the following schedule:

  • French and Spanish: June 1, 2019
  • German and Turkish: July 1, 2019
  • Arabic and Russian: August 1, 2019
  • Korean and Portuguese: September 1, 2019
  • Chinese Traditional and Japanese: October 1, 2019
  • Chinese Simplified and Thai: 2020

Therefore, once the IIA has released all of the updated exam versions, the exam will no longer be available in Czech, Estonian, Hebrew, Indonesian, Italian, or Polish. So, CIA candidates have just a short period of time left in which to take the exam in these languages.

CIA & CISA Certifications: How Do You Maintain Them?

Holding the CISA or the CIA certification isn’t a one-and-done situation. Instead, you have to remain in good standing with the certification organization in order to maintain your certified status. To do so, you don’t have to take either of the tests again, but you do have to complete a certain amount of Continuing Professional Education (CPE) credits each year. You also must abide by the relevant Code of Ethics created by your certifying organization.


During the year in which you become a CIA and the year after that, the IIA will award you 40 hours of CPE each year for a total of 80 hours of CPE. Therefore, you won’t need to worry about earning CPE until your third year as a CIA.

When you do need to start accumulating CPE, the number of hours you need will depend on your certification reporting status. So, if you’re a practicing CIA actively performing internal audit or related activities, then you must acquire 40 hours of IIA-approved CPE every year. However, if you’re a non-practicing CIA not actively performing internal audit or related activities, then you only need 20 hours of CPE a year. In either situation, 2 of your CPE hours each year must focus on the subject of ethics.


For the CISA, you must complete and report at least 20 CPE hours each year. These credits must focus on CISA-related material, as determined by the ISACA. Furthermore, you must report that you’ve earned 120 CPE hours every 3 years. And, if you’re chosen for the annual audit, you’ll also need to submit documentation of your CPE activities. Finally, you must also pay the annual CPE maintenance fees to the ISACA.

CIA & CISA: Should You Earn Both?

If both the CIA and the CISA certification are good for internal auditors to have, and both are different, should you earn them both? The answer to that question depends on your current career situation as well as your future vocational intentions.

If you already have the CIA and decide that you’d like to specialize in IT, then getting the CISA credential could be valuable for you. If you determine that it is, then you’ll find that studying for the CISA exam won’t be too hard when you remember what you learned for Part 3 of the CIA exam. Also, you should already feel comfortable with the computerized testing format. So, you just need to study the specific IT related topics, and you’ll be ready to go.

On the other hand, if you already have the CISA and are content to continue to specialize in IT audit, then you probably don’t need to earn the CIA certificate. The CIA won’t give you any additional edge when applying for an IT auditing position. So, you’d only want to add the CIA to your repertoire if you plan to pursue more general internal auditing roles and climb the corporate ladder to a leadership position. If you change your mind about IT and want to change the direction of your career in this way, then you should take the CIA exam.

CISA & CIA Exams: How Do You Prepare to Pass?

Does the CISA certification sound right for you? If so, then you need to start preparing for the CISA exam. You can use the CISA Review Manual to help you with this. But, I also advise you to supplement with a CISA review course because the manual is dry and lacks explanations and examples of the concepts. You can use my analysis of the best CISA review courses to find the best one for you. You can also use this page to save big on your preferred CISA exam prep.

Furthermore, if you’re ready to secure the CIA certification, then you need to invest in a CIA review course. A CIA review course gives you the best chance at achieving CIA exam success. Therefore, I never recommend CIA candidates take the exam without using CIA study materials. Additionally, I always encourage them to find the best CIA exam review course for them using my comparison of the most popular courses on the market. You can also contact me to receive a personalized CIA exam prep suggestion. Then, when you’re ready to buy, you can use my CIA review discounts to save money on your study materials.

And, to get free information on the CIA process and passing each exam part the first time, you can take my CIA e-course. As I said, it’s free, so learn more or sign up here!

About the Author Stephanie

I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.

  • Rob says:

    Hi Stephanie,
    A couple of questions.
    Firstly, I forgot the passing mark for the CMA, is it 320? (I know, wrong forum. Sorry.)
    Secondly, I am thinking of taking either the CISA or CIA and I want to get one of them as fast as possible.
    I work in risk management. Accounting background.
    In your experience with these comments that you have seen, which one seems easier and faster to get done?

    • Stephanie says:

      Hi Rob, the passing score of the US CMA exam is 360.
      CISA is specialized in IT audit. If you don’t have plans for that, the CIA exam is more versatile.
      It’s hard to generalize, but if you are a working IT Audit professional, CISA is likely easier, and fast as well given there is only one exam; but if you aren’t familiar with IT audit, it could take longer to study. Regards, Stephanie

  • Judi says:

    I’m an ACCA affiliate. No work experience. Would like to do auditing. Which one is better, CISA or CIA? Or is it OK if I do both, and in which order?

    • Stephanie says:

      Hi Judi, your ACCA is good enough for general auditing positions. Maybe you can first work and then decide? It is better to know which path you like for your longer-term career. Regards, Stephanie

  • ISHA JAIN says:


    I would like to know I am working as Internal Auditor and have done MBA Finance. Doing CISA would be technical for me? Should I do CIA in this case?

    • Stephanie says:

      Hi Isha, in terms of passing the exam, you should be fine with your IA background. But in order to get the certification, you do need at least 3 years of specifically IT audit experience. So getting that experience should also be part of your plan. Regards, Stephanie

  • Muhammad Ali Shiwani says:

    Any guidance how to tackle with 20 chapters in CIA Part 3, it is so lengthy as compared to previous parts. Which order of reading (more importantly memorizing the concepts) chapter is better to be followed? Kindly help.

  • Mubashir says:

    CIA & CISA both are difficult. I prefer CISA because
    1-No Accounting involved at all. (For CIA, person should be Accounting expert.)
    2-No calculations. No need to use Calculator.
    3-Not lengthy questions like CIA.
    4-CIA’s own Official Books are boring, irrelevant most.
    5-CIA have three papers-CISA one paper.
    6-For CISA, no need to learn any software
    7-CISA’s Official book is excellent. To use any other book except it is time wasting…

    • Rob says:

      Hi Mubashir,
      I heard the CISA is quite difficult in that it isn’t more than one exam but if you don’t have audit experience in a firm.. it is pure luck to pass… almost 0% chance to pass.
      A few people told me this.

    • Stephanie says:

      Hi Mubashir, thanks for your sharing! A good summary for sure. Cheers, Stephanie

  • Mubashir says:

    Dear Rob,
    The people who told you about CISA actually were wrong absolutely. No such condition at all. I experienced CIA. If you will pass 2 papers of CIA but fail in 3rd, you will hang. CISA’s demand is much more as compared to supply. Salary comparison of CIA & CISA is available on internet. I have no audit experience and also have commerce background. If I find any problem, I take help of GOOGLE which is best teacher. It helps you to search your relevant material. Lectures are available on topics.

    • Stephanie says:

      Hi Rob, I didn’t take CISA myself but I also don’t think it is as difficult as your friends said…

      • Rob says:

        Hi Stephanie,
        I am just relaying the information word for word that he said.
        He worked at KPMG and informed me that the exam had heavy emphasis on audit procedures in practical scenarios that are not taught to IT grads.
        I don’t know if that means it’s a tough exam or if it can be done with practise questions only.

        • Mubashir says:

          CIA exams are scenario based. One question often of 10 lines about. CISA exams are not scenario based are about mostly 2 lines. But it demands in depth study like CIA.
          Read CISA Review Manual minutely and then study Official database (Reasons of right and wrong should be carefully studied). Don’t cram MCQs. Official Material is best. No need to use any other book. Total Chapters are five.
          Only read Section Two of each chapter. No need to study Section one of each chapter. Hence, more than 100 pages will become less. This is main point which students mostly don’t know. Kindly read my comparison points also.

        • Stephanie says:

          I see 😉 Thanks Rob
          Guess it is after all an audit exam (IT audit is part of audit) so I wouldn’t be surprised to see audit procedures tested there… the question is whether one can learn about this without actual experience.


  • Mubashir says:

    Hi Jenny

    CISA Official Book + Official Database is quite enough. To attend CISA preparation classes is much valuable. Don’t read any other non official CISA book. It is time wasting. However, you can take help from GOOGLE for any topic. Only read Section 2 of each chapter.

    • Rob says:

      Hi Mubashir,
      I find this CISA etc. super interesting.. I would love to have a job in it one day… problem is… getting a job in that field is very difficult… it is very specialized.. without the job.. it’s just a paper.. but it’s a dream of mine.. they say it’s a growing field.. I just need the job.

    • Jenny says:

      Thank you Mubashir 🙂

      For someone who has limited knowledge in either programming or IT skills, can he/she manage the CISA exam?

  • Mubashir says:

    No need at all of programming/IT Skills. Only focus towards course contents minutely. No programming at all in syllabus. No mathematical calculations. No prior experience required. Undermentioned forum is much helpful.

    Membership is free.
    After sign in, go to FORUM and write in search box CISA (in capital letters)
    This forum is much beneficial for many IT certifications.

    • Stephanie says:

      Thanks! Unfortunately the forum doesn’t look active any more — last post was updated April 2014…

    • Jenny says:

      Thank you Mubashir for your detailed explanation.

      For a CISA certified, it is expected a person already have reasonable knowledge to conduct IT audit in real life scenarios?

      I always have this thought a person WITHOUT any IT technical knowledge will have far less advantage in the field of IT auditing even if he/she is qualified CISA.

      Do you think my observation makes sense?

      Thank you

  • Mubashir says:

    Forum is alive fully. I posted yesterday, Open again,

  • Mubashir says:

    Jenny! your thinking is on wrong side. Database is useful to learn in this perspective.

  • Tim says:

    Hi Stephanie,

    For the CISA experience requirements it mentions Control or security experience. What does the control portion of this relate to? Does it mean internal controls such as SOX 404? Thank you!

  • Mohamed Badawy Cia, CCSA, CRMA, CertIfr. says:

    Thank you Ms. Stephanie for the great article; I just noticed that the CISA is a computer based test (not a paper based one as mentioned in the video). Accept my greetings.


    Hi, I am going to pursue for CISA exam in September, 2017. If you have any study material which is helpful in clearing my CISA exam in one attempt then please share it with me at my mail id
    *** removed ***.

    • Stephanie says:

      Hi Sumit, I’ll have to remove your email because it isn’t safe for you to expose that in public domain. Also, having run this site for years I have to say no one goes so far to proactively send strangers review materials. Please try to get those from your friends or purchase the latest copy. Regards, Stephanie

  • Auditor says:

    Hello Stephanie,
    I am working in IT for the last 10 years but have no experience as an auditor.
    Is it a good idea to start studying from now and appear for the exam in September 2017?
    Are 2 months sufficient for the preparation and passing the exam?

    • Stephanie says:

      Hi Auditor,
      In terms of studying you can do that without much background in audit, although you may need to work extra hard (and smart) to overcome that. Might be a bit tight to shoot for Sep exam unless you are very natural with accounting/audit concepts. But you can certainly give it a try. It also largely depends on the number of hours you can dedicate to studying during this period. Good luck! Stephanie

  • Awais says:

    Hi Stephanie,

    I would like to know. I am working as Account & Audit Assistant in USC of Pakistan from one year and still working, & have done MBA Finance.
    One year of teaching experience of Arts subject at private college.
    I am very confused to choose CIA or CISA.
    I am also a little bit well aware of computers or IT related things like networks, software, social media, websites etc.
    One of my ACCA friends suggested me to go for CIA but I think the coming future will be of CISA, because everything is converted into computerized and technology based…

    CISA takes 5 years of experience to complete the certification,
    so 5 years is too much for me… Any help regarding this?
    CISA or CIA?
    What would you suggest me?

    Or Mubashir, if you are there then guide me… because I want to attain a highly paid job as quickly as possible to serve my family… because I am from a poor family and I want to attain something big as I am hardworking in every work…
    If I go for CIA then how much further experience do I need,

    & if I go for CISA then how much further experience do I need…

    Will the current job experience be included or not, & for CISA must I take any IT experience, or will my current job experience, when it becomes above 3 years, be sufficient?

    All these things are confusing me…
    Any help and guideline regarding this,
    I will be very much thankful…

  • Tina says:


    I am having difficulty passing the CIA exam. My two coworkers have just passed the CISA. I perform more of the administrative audits in our group and they perform more of the IT ones; however, I am considered an IT auditor. I was wondering if the CIA or the CISA was harder to pass? If I am already having a tough time passing the CIA I am wondering if I even have a chance with the CISA. Does anyone have any advice?

    • Art Yip says:

      Hi Tina,

      I have passed both the CIA & CISA Exams. You didn’t specify which CIA Exam part you’re having difficulty with. If you’re referring to CIA Part 1 or Part 2, then yes, the CISA is harder than those exam parts. I do feel CIA Part 3 is actually harder than the CISA due to its broad range of topics and the trickiness in how the exam questions are set up. In other words, neither the CIA nor CISA exam will be easy to complete.

      I’m not sure what you mean by administrative audits. I’m thinking perhaps you might want to gain more audit experience, then try the CIA exam again. It is a good general audit certificate to have. After attaining that, then you can get the CISA if you want to get into IT Auditing. Studying for the CIA exam will help prep for the CISA, but not so much the other way around!


  • Art Yip says:

    Hi Stephanie,

    How are you? Long time no e mail! I want to let you know I took and passed the CISA Exam yesterday!

    I want to thank you for providing such an informative website on the CISA Exam! I read it thoroughly during my prep time! I especially liked your CISA Books and Study Guides Comparison page. I ended up using CISA Study Guide 4th Edition by David Cannon supplemented with ISACA’s Questions, Answers & Explanations Database. That combo worked well for me!

    If you or any of your readers have any questions about my experience with the CISA Exam, I would be glad to help!


    • Stephanie says:

      That’s wonderful Art! In fact I have also been thinking about taking the CISA exam! (it’s my 2018 resolution)
      I plan to document my process in my blog post — it would be great to share notes then. I will let you know when I start, hopefully in early Jan.

      By the way, what do you think about David Cannon’s book? I’ve got the 4th edition as well. I can see the author really wants to teach us the knowledge required for an IT auditor. I really appreciate his effort but I wonder if he covers quite a bit outside of the syllabus? Thanks! Stephanie

      • Art Yip says:

        Hi Stephanie,

        It’s great to hear from you!

        I was told that David Cannon’s book explains IT concepts very well. During my information gathering phase, I read various CISA candidates’ comments from and forums that the ISACA’s Official CRM is very dry. Quite a few candidates felt David Cannon’s book was a helpful alternative to them. I do agree that he covers more than what is needed for the CISA exam. I just skimmed those parts. I did find that he explains the technical topics such as encryption, biometrics, IDS, etc. very well. I also liked the graphs and diagrams in the book. I felt they helped me to understand and remember the concepts. I read the entire book once, and reread the technical chapters 2 more times. I completed all the questions from the book and made good use of the flash cards as well!

        I look forward to reading your blog post and sharing notes with you in your upcoming CISA exam study process!


  • CHERUIYOT says:

    I have gone through the posts and I am now enlightened. I now believe CISA is the way to go.
