Do you have questions about how the CISA exam is graded? You’re not alone, as this is one of the most-asked questions about this exam. We’re going to attempt to take some of the mystery out of it for you in this article. Continue reading to learn more about how CISA is graded, and what you need to know to prepare for it.
First, the CISA exam consists of multiple choice questions only. A portion of questions are included for research and analysis only and therefore not graded. It’s important to understand the questions if you are to understand how the scoring works (more on that later).
The more you learn about how CISA exam scoring works, the better prepared you will be for taking the exam and passing. Most people hope to pass on the first try. While there are no limits on how many times you can take the exam, you can only register to take it once in each testing window. So if you fail, you have to wait to take it again.
How the CISA Exam Scoring Works
As you know, your first step is to take the exam. No one can know exactly what questions will be on it, but you can use study guides and past questions to help you. After a candidate completes the exam, the raw score is collected and converted into a point scale of 200 – 800.
Because of this, we should not expect that the score we receive is calculated based on simple percentages. For example, if the final grade on paper is 500 (midpoint of 200 and 800), it does not necessarily mean you got 50% correct. Try not to worry too much about how many you need to get correct and just focus on doing as well as you can.
In order to pass the exam, candidates must receive a scaled score of 450. This represents a minimum consistent standard of knowledge determined by ISACA.
Please find more information on scoring below:
- The scaled score of 450 or higher passing score represents the minimum consistent standard of knowledge as established by ISACA’s certification working groups.
- A score of 800 represents a perfect score with all questions answered correctly.
- A score of 200 represents the lowest score possible and signifies only a small number of questions were answered correctly.
- Each content area has a scaled score, however, the overall score is not simply calculated using weights and scores.
- The domain percentages represent the relative amount of test questions on the exam for that domain; the passing score is based on the questions in total.
- ISACA provides visibility into the score for each domain to provide insight into the areas of strength and those areas that may need more development. Scaled scores range between 200-800.
But I still don’t understand how the scaled score is calculated…
Seriously, don’t worry about it. The CISA exam scoring system is fair, even if it’s difficult to understand. However, it is better to focus your time and energy in exam preparation.
With that in mind, let’s explore pass rates, CISA results and other information you need to know about scoring.
CISA Pass Rate
Anyone looking to take the CISA exam will be curious about the pass rate and their chances at passing on the first go. While ISACA does not release the exact figures on pass rates, it is well known that the pass rate is a bit low for this exam.
Based on this info, most people will say the pass rate is somewhere between 45% and 60%. However, these are only estimates. Some people guess that the pass rates are rising for CISA, in part due to how much easier it is to get study information today, as opposed to in the past.
The only way for you to get information about pass rates is from the forums where other CISA candidates post their results and give advice to others preparing to take the exam. An example is this Yahoo Answers thread where people are talking about their exam results from August 2008.
Increasing CISA Pass Rate
If the average CISA pass rate is around 50%, then you may want to know what you can do to help increase your chances. In addition to studying and prepping for the exam, there are some other things that might give you an advantage.
First, the pass rate is only an indication of your chances to pass, because the scaled scoring system is used, as described above.
If you are already working in a field that the CISA job description covers, then you will have an increased chance to pass the exam. Honestly, it’s about how you would respond to real-life scenarios more than it is about memorizing facts and figures. People who work in these fields already will have the advantage.
CISA Exam Results Release
Official CISA exam results will be mailed to you approximately 5 weeks after the exam. If you opt-in for email notification during registration, an email indicating a pass/fail will be sent to you. The scores will also be available in your profile at the My ISACA > My Certifications page of the ISACA website.
Due to confidentiality, you won’t be able to request the CISA exam results by phone or fax.
You will be able to view your preliminary result (pass or not pass) on the screen immediately following the completion of your exam. Your official score will be emailed and available online within 10 business days from the date that you take the exam. If you pass, you will receive details on how to apply for certification.
- Email notification (encrypted) – sent to the email address listed on your profile
- Online results – available on the MyISACA > MyCertifications page of the ISACA website
- Exam scores cannot be provided via telephone or fax
- Exam scores are not sent through the post
- Question-level results cannot be provided
If you do not receive your official scoring within 10 days of taking the exam, you should contact ISACA to find out what happened. They will be able to provide you with additional assistance.
What You Will See in the Score Report
I understand that you may be curious about what the score report will show you. The score is broken down by each domain area. The sub-scores can help you identify stronger and weaker areas in case you need a retake.
Even if you pass, it can be very helpful to review this information because it will, again, show you your strengths and weaknesses.
Candidates failing the exam can request a hand score of their answer sheets, in case you worry that there are stray marks or other conditions that interfered with computer scoring. This request costs $75 and has to be submitted within 90 days of the score release.
Candidates have five years from the passing date to apply for certification. To become certified, each exam passer must complete requirements including submitting an application for certification.
Has CISA Job Practice Scoring Changed in 2019?
The process of scoring the CISA exam remains the same as it continues to be scored against a passing point and converted to scaled scores. However, a new passing point has been established by conducting a Standard Setting Analysis on the new/updated exam blueprint.
How to Request a CISA Rescore
ISACA provides this info on how to request a recore of your CISA exam:
“While we are confident in the integrity and validity of our scoring procedures, you may request a rescore if you do not pass the exam. Rescores are performed by PSI.
You must submit a rescore request in writing here
within 30 days following the release of your exam results.
- Requests for a rescore after 30 days will not be processed
- All requests must include a candidate’s name, ISACA identification number and mailing address
- A fee of US $75 must accompany each request”
Ensuring You Get a Good CISA Score
Of course, if you want to be sure you get a good score on CISA, it’s imperative you study properly. We have links to some great study aids and practice exams to help you with that. We also have tips for CISA exam prep to help you.
Here are some basic tips to ensure you get a good score:
- Create a study plan and take it seriously
- Invest in quality exam prep and guides
- Become familiar with the 5 domains and what is covered within
- Study with practice tests as much as possible
Understanding the Questions
To help ensure you get a good CISA score, you also need to understand the questions. In addition to knowing the format and what’s covered, it’s important to know that these are not “yes” or “no” questions or simple things you just memorize and then answer back. Rather, they are
Questions with Multiple Possible Answers
You may run across questions that seem like they have multiple possible answers. What can you do if there are questions that seem like they have more than one answer? Don’t let this trip you up.
What CISA Covers?
Do you know what CISA covers? To understand CISA scoring, it also helps to understand what will be on the exam. To that end, let’s take a look at what type of content can be found on the CISA exam.
The syllabus will always cover all information related to the five domains, as listed below.
CISA Exam Syllabus: The 5 Domains
- First Domain: The process of auditing information systems (21%)
- Second Domain: Governance and management of IT (16%)
- Third Domain: Information systems acquisition, development, and implementation (18%)
- Fourth Domain: Information systems operations, maintenance and support (20%)
- Fifth Domain: Protection of information assets (25%)
When you fully understand what will be on the CISA exam, and you have taken the time to prepare and study properly, you won’t have to worry so much about how it is graded and scored. You can take confidence in your ability to pass because you’ve done the proper prep-work.
Major Changes to the CISA Job Practice in 2019
When considering the five domains and how you study for them, it’s important to know there have been a few changes in the 2019 job practice areas. These aren’t really major changes, but they are still important to note, especially while prepping for the exam.
While the five CISA domains remain similar, there a few noteworthy changes:
- The 2019 job practice, or exam content outline, introduces subdomains to better organize task and knowledge statements within the broader domains.
- Knowledge statements are rewritten to represent current technology and combined as appropriate to remove redundancies.
- Of the 39 task statements in the 2019 CISA Job Practice:
- 35 were carried forward from the current outline but rewritten to use current terminology
- One was eliminated
- 5 are new to the content outline to address emerging changes within the IT audit profession
These changes to the CISA Job Practice, or exam content outline, enhance the preparation experience of exam candidates by including knowledge areas that directly indicate the content of the CISA exam and tasks to identify context for how the knowledge is used in practice.
What Are the Five New Tasks in the 2019 CISA Job Practice?
Below are the five new tasks in the 2019 CISA Job Practice:
- Perform technical security testing to identify potential threats and vulnerabilities.
- Utilize data analytics tools to streamline audit processes.
- Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.
- Identify opportunities for process improvement in the organization’s IT policies and practices.
- Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.
The CISA Working Group determined that the following 2016 CISA Job Practice task was not in scope for most IT auditors (as noted in its low survey ratings) and therefore removed it from the 2019 CISA Job Practice:
- Conduct reviews to determine whether a project is progressing in accordance with project plans.
How the CISA Exam is Graded Conclusions
Hopefully, this post has helped you to make some sense of how the CISA exam is graded. I understand that there is a lot that goes into this process and that it can be confusing for candidates, especially if this is your first exam of this type. You will find a lot of information here on our site about how to prepare for the exam. In this regard, you can be more prepared for the testing and scoring process.
If we’ve missed anything you would like to know, do drop us a line with your questions and concerns. Good luck!
For More Information