Are you looking for information on how to fulfill the CISA requirements for certification?
The Certified Information System Auditor (CISA) certification is a globally recognized certification focusing on the audit, control, and security of information systems (IS). It is a highly respected certification in the field of IT security, audit, risk management, and governance. There are requirements necessary to get this certification.
You don’t need any qualifications to be eligible for the CISA exam. However, in order to obtain the CISA certification, you must fulfill the work experience requirements. CISA certification requires that you pass the CISA exam AND meet all of the work requirements. As long as all conditions are met, you can apply for CISA certification.
You can take the exam first and accumulate the experience later, but bear in mind that the certification cannot be completed without the work verification. So, let’s look into this a bit more.
First, to become CISA certified, there are four basic steps:
Of course, it’s not quite as easy as that sounds. There are certain CISA requirements that need to be met in order to get your application approved. That’s what we’re going to talk about here in this post. First, let’s look at the exam requirements.
The CISA certification itself was launched in 1976. In the last decade alone, the number of ISACA members quadrupled, with more than 27,000 IT professionals taking the exam every year. This shows that it is growing in popularity and remains a standard in the industry.
So, what are the CISA exam requirements? As stated above, none. Anyone can take the exam. That’s right, there are no prerequisites for taking the exam.
However, there are CISA requirements to become officially certified and hold that coveted title.
To understand the CISA exam requirements, first, you need an idea of what is on the CISA exam.
I’m not going into too much detail about what the CISA exam covers because we have several other posts on that topic. However, if you’re new to us via this post only, it can be helpful to know the basics. The idea of the CISA exam is to test candidates on the same tasks they will use in their professional IT positions.
Furthermore, those tasks are broken down into five different categories, called “domains”, based on the types of tasks.
The exam covers these five domains:
Domains 4 and 5 represent more than half of the overall syllabus. There is a lot of information packed into them, so it’s important you know them well. However, you don’t want to neglect the other domains, as they are equally important.
You can learn more about the CISA exam syllabus here. Now, about those CISA requirements for certification…
In order to obtain your CISA certificate, ISACA requires at least 5 years of experience in:
This is in addition to passing the CISA exam. As said above, some people like to get their work experience first, because it can be easier to pass the exam when you have years’ worth of practical experience in the workplace. However, there are no rules that say you cannot take the exam first, then obtain your five years of work experience.
There are also some CISA exemptions and waivers that you should be aware of. It could be very helpful to you if you qualify for one of these.
1. The following work experience can substitute for 1 year of the above:
2. These education credits can waive 1 year of relevant experience:
3. These degrees/programs can waive 2 years of relevant experience:
4. Other relevant degrees/programs:
If you have obtained other degrees, qualifications, and credentials with a significant IS auditing, control, assurance or security component, you can submit the case to the CISA Certification Committee for consideration.
So, how do these waivers work?
So, if the idea of waivers appeals to you, you’re in luck. It’s important to understand how they work. You may be eligible for waivers to replace some of the five years required, based on your education or current work experience.
However, you can only substitute 1 year of experience with another type of work, and you can waive another 2 years of experience with a 4-year degree.
Therefore, the maximum substitution/waiver you can get is 3 years. CISA requirements still say you have to have at least 2 years of relevant work experience, even after the waivers.
If you’re wondering if your education qualifies for a waiver, here is information as presented by the ISACA.
Work experience qualifies if the applicant’s day-to-day activities involve completing tasks listed under the job practice domain areas for the specific certification you are attempting to achieve. The ISACA lists all the CISA Certification Job Practice requirements on their website. This job practice analysis is done periodically to ensure the things they are testing on the CISA exam directly relate to the tasks candidates will do in a CISA certified job.
If you see your job or job tasks on this list, then you should qualify for a CISA work waiver and you should meet the CISA requirements for certification.
You must obtain the work experience within 10 years preceding the application, or within 5 years of passing the CISA exam. For most people who are actively working in the industry, this should not be a problem. The only time it might be a potential concern is
CISA is not just for IT auditors (although it is for them, too). Here are some other jobs you can get with a CISA certification:
So, how much money do you stand to make if you get your CISA certification? This is another popular question and for good reason. Since there are many CISA requirements and you need to put a lot of time, effort, and even money into meeting them, it’s normal to wonder what you will get from all of this.
While earnings will vary by past experience and location, the average salary for CISA-certified professionals ranges from $52,459 to $122,325 per year. As a result, this is a highly lucrative field to get into and to be certified for.
| |IT Audit Salary|General Internal Audit Salary|
|---|---|---|
|Entry level|$63 – $74,000|$52 – $67,000|
|Junior|$71 – $100,000|$60 – $87,000|
|Senior|$91 – $132,000|$78 – $111,000|
|Manager|$108 – $166,000|$92 – $151,000|
Source: Robert Half
You may want to check out our comprehensive page on IT audit salary and career path.
Sure, it sounds like a lot of work (because it is), but don’t let all of those CISA requirements discourage you. Above all, there are some additional benefits that come with all that hard work.
Candidates and CISA certification holders must agree to abide by the Code of Professional Ethics. Failure to adhere to it may lead to investigation and disciplinary action.
ISACA sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the association and/or its certification holders.
Members and ISACA certification holders shall:
Failure to comply with this Code of Professional Ethics can result in an investigation into a member’s or certification holder’s conduct and, ultimately, in disciplinary measures.
ISACA requires certificate holders to keep up to date with the latest professional developments and asks that they complete a minimum amount of continuing professional education.
The CISA certification is renewed every 3 years. Within this reporting period, CISAs must follow these rules and requirements to maintain their certification:
1. Annual requirement
2. 3-year reporting period requirement
You can learn more about CISA CPE requirements here.
At the end of the day, there are many benefits to CISA certification that make meeting the stringent requirements worth it. However, while there are no specific requirements to take the exam, there are CISA requirements to get your certification, and to maintain it over time. Furthermore, they are well worth it with all the benefits you will reap from holding this certification.
In conclusion, the requirements are worth it and the waivers make it easier if you’re already working in the field. There’s no reason not to go for your CISA certification if this is a career path you are serious about.
Furthermore, check out the further reading section for more important CISA info and updates. You can also learn how to pass the CISA exam on your first try. Do you have other questions about the CISA requirements we missed? Let us know in the comments so we can answer for you!
I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.