CISA Requirements, Exemptions and Waivers



You don’t need any qualifications to be eligible for the CISA exam. However, in order to obtain the CISA certification, candidates must fulfill the working experience requirements.

You can take the exam first and accumulate the experience later, but bear in mind that the certification cannot be completed without work verification.

CISA Exam Requirements

None. Anyone can take the exam, but…

CISA Requirements Related to Experience

In order to obtain the certificate, ISACA requires at least 5 years of experience in:

  • Professional information systems auditing
  • control or security

Please check out this page on job practice for more information.

CISA Exemptions and Waivers

1. The following work experience can substitute 1 year of the above:

  • 1 year in information system
  • 1 year in non-IS auditing
  • 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing)

2. These education credits can waive 1 year of relevant experience:

  • 60 credit hours (2-year degree) from university
  • Bachelor’s or master’s degree from a university that enforces the ISACA-sponsored Model Curricula
  • A master’s degree in information security or information technology from an accredited university.

3. These degree/programs can waive 2 years of relevant experience:

  • 120 credit hours (4-year degree) from university
  • ACCA (member status)
  • CIMA full certification

4. Other relevant degrees/programs:

If you have obtained other degrees, qualifications and credentials with significant IS auditing, control, assurance or security component, you can submit the case to the CISA Certification Committee for consideration.

How the Waivers Work

You can only substitute 1 year of experience with another type of work, and you can waive anther 2 years of experience with a 4-year degree.

Therefore, the maximum substitution / waiver you can get is 3 years.

Important Note on CISA Requirements

You must obtain the work experience within 10 years preceding the application, or within 5 years of passing the CISA exam.

Next Step: See what’s to be
Tested in the CISA Exam

For Your Further Reading

About the Author Stephanie

I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.

follow me on:
  • Anu says:

    I am a qualified Cost accountant (CMA-India,previously known as CWA) and pursuing CA final from ICAI-India with 3 years mandatory articleship training experience. I am planning to take up CISA this MAY. It is specified that one has to provide a 5 year work experience from the date of passing exam.My queries in this regard are:
    a) How is it possible to show a 5 years experience within 5 years from passing. If one does not any have prior work experience?
    b) Will my qualifications be considered for waiver>

    Thanks for the help in advance

    • mmajstor says:

      a) if you don’t have waivers you can achieve it just if you started to work in this field as soon as you pass the exam.
      b) no

    • mmajstor says:

      Sorry, if your qualifications are university education (2 or 4 years) than you can have 1or2 years of waivers.

  • mmajstor says:

    Hi Stefanie,

    Regarding this waiver – “60 credit hours (2-year degree) from university,” I think I saw additionally on their website something such as ten years preceding period. Do you know what does it mean? I have finished my university more than 10 years ago and I don’t know whether I can use it as a waiver.


  • Basu says:

    Hi Stefanie,

    I am currently working in IT industry, with total 13 years of experience now. My scope of support has been IT Service Management, Transitions, Service Delivery. I have a Graduation in Science *B. Sc), regular three year course. What is total no. of years of exclusion I can expect to get with my past experience and education completed

    • Meghan D says:


      The maximum waiver is 3 years. You may be eligible to receive all 3 of those years in the form of a wavier; however, without knowing your exact information, I cannot provide you with specific guidance. You can apply to the IIA’s program and see for certain. Or you can contact the IIA to see if you they can provide you with specific guidance prior to you applying to the program.


  • Esaie M says:

    Dear all,

    I am willing to take the CISA exam. Is there any plateform like “GLEIM” for CIA, who can be recommended for the preparation of the CISA exam?

  • >