CISA CPE Hours and Course Requirements

Many certifications require the holders to keep updated with the latest professional development, and ask that they take a minimum number of continuing professional educations. The ISACA requires the same for CISA certification holders.

CISA CPE Requirements

and the CISA certification is renewed every 3 years. Within this reporting period, CISAs must following the following rules:

1. Annual requirement

  • CISAs must clock and report a minimum of 20 CPE hours per year.
  • The annual reporting period starts on January 1.

2. 3-year reporting period requirement

  • A minimum of 120 CPE hours is required.
  • The 3-year cycle varies. Please check your annual invoice and on the letter confirming annual compliance.

Special note

  • One CPE hour is equivalent to one hour attendance in a seminar or conference, or a webinar related to your profession.
  • The reporting is based on honors system, but there is a chance that your CPE credits are audited.
    Documentation should be retained for 12 months following the end of each 3-year reporting cycle.

How are CISA CPE Hours Calculated?

There are many ways to earn your CPE credits. Please note that there is an upper limit of 72 free CPE hours per year.

Programs and events Max. # CPE hours
1. Paid CPEs
Conference   32 per event
Ad hoc online training  26 per course
ISACA training week 32 per course
2. Free CPEs
Webinars and virtual conference 36 per year
ISACA volunteer [1] 20 per year
ISACA mentor [2] 10 per year
Journal quizzes: Earn one CPE for each of six journals per year—(members only) 6 per year

[1] You are considered a volunteer if you take part on the ISACA board, committee, task force or as an officer of an ISACA chapter.

[2] You are considered a mentor if you coach, review or assist an individual with CISA/CISM/CGEIT/CRISC exam preparation or related career guidance.

How to report the CISA CPE Credits?

There is an online tracking system on the ISACA website. CISAs can input the CPE hours once they are earned.

I am Not Actively Practicing. Can I Get Exempted?

Those who are retired or non-practicing do not need to obtain CPE hours. They cannot use “CISA” or “CISA-nonpracticing” on business cards.

1. Retired status

This is applicable to those over 55 years of age and permanently retired from the CISA profession, or unable to perform the duties of an IS audit, control or security professional by reason of permanent disability.

2. Non-practicing status

These are CISAs who are no longer working in the IS audit, control or security profession are entitled to apply for nonpracticing CISA status.

For your Further Reading

Please rate this

About the Author Stephanie

I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.

follow me on:

Leave a Comment: