How hard is the CISA exam? One of the most common questions we got is about how hard the CISA exam can be. This is obviously a subjective question but we will try to give you a helpful answer based on comparison with other qualifications, and comments from past takers. In this article, I’m going to break it down for you, piece by piece. I will show you all the elements of the CISA exam and difficulty levels, so that you have a better understanding of it before you begin.
Most readers tend to agree: the syllabus and exam content isn’t particularly tough. After all, it is a one-part exam with only 150 questions.
This certification requires 5 years of experience and therefore is not intended for those who just started out working. If you work in IT auditor for a couple of years, it is obviously easier than those who have no relevant experience.
There are 150 questions on the CISA.
The material that is covered on CISA is all garnered from the five domains.
In August 2015, the new syllabus was announced, changing the weighting of the 5 domains:
|1. The process of auditing information systems||14%||21%|
|2. Governance and management of IT||14%||16%|
|3. Information systems acquisition, development, and implementation||19%||18%|
|4. Information systems operations, maintenance and support||23%||20%|
|5. Protection of information assets||30%||25%|
This is still the current weighting of the five domains that make up the syllabus in 2019.
The exam content is manageable, but the question style is not for many candidates. Possibly because of the nature of the profession, the phrasing and wording of the questions are pretty hard to comprehend, even for existing IT auditors. You do need to get familiar with ISACA terminologies to pass this exam.
Also, it is hard to know whether you got the answers correctly. Most seem to be able to narrow down the answers to 2 out of the 4, but after that it is all educated guess.
It isn’t entirely apple to apple, and opinions are split on this one. My conclusion is that the perceived difficulty is largely a result of one’s background. If one is an auditor, for example, CISA exam is easier; otherwise, if one is a computer science major, he may find CISSP easier.
In any case, if you have taken the CISSP exam before, your CISSP knowledge overlaps nicely with Domain 5 of the CISA exam which represents 30% of the scoring and indirectly for portions of domains 3 (19%) and 4 (23%).
Domains 1 (14%) and 2 (14%) are likely your biggest knowledge gap that you’ll need to fill. Those are also the areas where the “ISACAisms” will become fairly evident.
How hard is CISA when compared to CIA or to other similar exams in this industry?
At the end of the day, it’s not the most complex exam out there, but it is comprehensive. Taking the time to study thoroughly and
I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.