How to Become CISA Certified

Welcome to this page dedicated to aspiring Certified Information Systems Auditors! CISA has become one of the “hottest” certifications after a series of financial scandals, the Arthur Andersen fallout, and problems in internal control.

The number of CISAs has doubled in the last decade. Are you ready?

How to Become CISA Certified

1. Register for the CISA Exam

You may not realize it, but there is no prerequisite for taking this exam. As long as you have given this good thought and believe that the CISA exam is useful for your career, go ahead.

2. Complete the CISA Exam

This is a pencil-and-paper exam available three times each year. It is a 4-hour exam consisting of 200 questions in multiple choice format. Anyone can take the exam as long as they pay the registration fees.

In terms of syllabus, there are 5 domains surrounding the role and responsibility of IT auditors. Theories are tested but in general, if you are a practicing IT auditor, it is relatively easy.

The passing rate is around 50%. Successful candidates can work towards the experience requirements and apply for the certificate.

3. Fulfill the Experience Requirement

This is actually the stricter part of the CISA certification process. You need to have at least 5 years of experience in information system auditing, control or security.

The work experience must be gained within 10 years preceding the application date, or within 5 years from the date of passing the exam.

There are various ways to obtain waivers. Please refer to the requirements page below.

4. Maintain the Certification

You can maintain its active status by paying the maintenance fees and fulfilling the CPE requirements. You’ll need to have at least 20 contact hours per year, and 120 contact hours within a fixed 3-year period. For details, please refer to the CPE Policy on the ISACA website.

Step 2: Understand
Exam requirements

About the Author Stephanie

I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.

  • Harshavardhan says:

    Hi Stephanie

    Thank you for writing elaborate blog posts on the whole CISA scenario.

    I want to pursue a CISA certification but I am unable to find a way out because I am confused. I have completed my Bachelors & Masters in Computer Application & I have 2 years of work experience in consulting, development, networking, database in implementation of ERP.

    Is it good to go for a CISA certification if there is no formal IT audit experience?

    • Stephanie says:

      Hi Harshavardhan,
      Thanks for your note, and you are most welcome. In terms of taking the CISA exam, it’s no problem because you don’t need any specific prerequisite for that. For the actual exam, given your very relevant master’s degree I think you will likely do well.

      The question is more on the working experience. Not too sure but your current work may get 1 year of waiver. Then your education will give you 2 years. This means that you still need 3 years of specific IT auditing experience to get the qualification.

      So in summary, you don’t need the formal IT audit experience now but in order to get the certificate later on, you do need at least 3 years of that. This is at least my understanding. You may want to double check with ISACA as well.

      More info here: https://ipasstheciaexam.com/cisa-requirements/
      Regards, Stephanie

  • Jim Thorpe says:

    Hi Stephanie, I am considering the CISA, but their explanation of how experience requirements are determined to be met are kind of vague to me. I am not asking about the difficulty of the exam, but I am wondering if my experience will qualify in order to meet the 5 years requirement. I have 12 years experience in IT as a Network Engineer and IT Manager. I have been responsible for the security of networks that require Sarbox, PCI, and HIPAA for 20 years. My masters degree is from an accredited university in accounting. However, I have never had the word “security” or the word “auditor” in my job title. I am just not sure if the experience requirements can be met by jobs that are responsible for security but not specifically an auditor or security engineer.

    • Stephanie says:

      Hi Jim, I wish I could give you an answer, but I am not sure. I think on the “security” side you are all set but it depends how much they want the auditing side of the experience to be counted. You can send them an email and ask for their suggestion? When asked to give description of your work, try to package it with a bit more quantitative analysis and checking into it. Auditing is pretty much that in broad terms. Good luck! Stephanie

    • Robin says:

      Hi Jim,

      If I may be of help, you may approach your local ISACA Chapter; the VP of Membership should be able to assist in clarifying & answering your questions.

  • Shreeya says:

    Hi Stephanie
    This is Shreeya. I have a Bachelor’s Degree in accounting and 4.5 years non-IT audit experience. Can I consider sitting for the CISA Exam?

  • Stacie says:

    I have a master's degree in computers and have 3 years of experience in IT. (No auditing or security experience.)

    Can I opt for this course? How do I start preparing for this course?

    Which book should I follow to start first?

    I see lots of books on Amazon for this course. Should I buy those books?

    Please help …
    Thanks,
    STACIE

    • Stephanie says:

      Hi Stacie, the easiest way is to sign up for a CIA exam review course, which is specifically designed for candidates to pass the exam in the most efficient manner. You can check out the pros and cons of the top providers here: https://ipasstheciaexam.com/cia-exam-review-courses/

      Do note that you have to fulfill at least one year of internal audit experience to get the certification. It’s ok not to have any of this experience now, but you should plan to get that sometime in your career to make taking the CIA exam worthwhile.

  • Seth says:

    Hi Stephanie,

    As far as work experience goes the ISACA website states that a minimum of 5 years of professional information systems auditing, control or security work experience is required for certification. Do you know what they mean by security work experience? I have worked in corporate security for 10 years mostly focused on physical security, business continuity and security compliance with such standards as NERC CIP, HIPAA, PCI DSS, TCPA. I have never had the job title of information system auditor. Do you think my work experience would qualify for the CISA certification?

  • Aishwarya Agarwal says:

    Hi Stephanie,
    I am quite confused as to what ‘Experience in professional information systems auditing, control or security work’ actually means??
    Does it mean a job for 5 years related to above mentioned work or a sort of training/internship with an organisation?
    Please help…

  • Ryan says:

    Hi Stephanie. Thank you for the useful info. I have just passed the Sept 2016 exam. For cert requirement. I have a bachelors degree in Information technology and a masters degree in information technology security. My degrees were completed 10 years ago. I have a number of years non IT experience. Can you pls advise that based on my background, how much experience do I need going forward to be certified?

  • S.KRISHNAMURTHY says:

    MY QUALIFICATIONS ARE
    B.A (MATHS &PHYSICS ) 2 YEARS STUDY AFTER INTERMEDIATE
    S.A.S/S.A.S.(REVENUE AUDIT ) CERTIFICATION BY SUPREME AUDIT INSTITUTION OF INDIA )I ) C & AG OF INDIA
    PGDBA OF ANNAMALAI UNIVERSITY 1 YEAR

    LL.B OF MUMBAI UNIVERSITY 3 YEARS
    M.L OF MADRAS UNIVERSITY 2 YEARS
    MORE THAN 19YEARS AUDIT EXPERIENCE IN C &AG DEPT
    NEARLY 20YEARS IN GOVT PUBLIC SECTOR ACCOUNTS/AUDIT EXPERIENCE
    12 YEARS STATUTORY/INTERNAL /TAX AUDIT WHICH INVOLVED COMPUTER ASSISTED FINANCIAL /ACCOUNTS COMPILATIONS IN AUDIT FIRM

    AM I ELIGIBLE TO TAKE THE CISA EXAM AND WHAT WILL BE THE WAIVER QUANTUM?
    KINDLY CLARIFY

  • Siva says:

    Hi, can you please clarify if my experience of 5 years in Internal audit will qualify for CISA certification. It is not specifically in Information system, but normal auditing experience. Will it count?

    • Stephanie says:

      Hi Siva, did you read the post on the exam requirements (the big bold link at the bottom of the page above)? Anyway, you can waive 1 year of experience using non-IS audit experience. You may want to check that page out for details.

  • zeeshan says:

    Hello Guys!!
    I have a keen interest in IT auditing but still not getting an opportunity to enter in security site, although I have been working in ISP (Core OPS) and 4 year plus exp along with CCNA, CCNP certificate. Beside that I did BE (electronics).
    Kindly suggest me if I am eligible for CISA?

  • Sundar says:

    Hi Stephanie,
    I would like to pursue CISA. I have a Bachelors degree in Commerce and Masters in Computer Applications and I have around 20 years of experience in the Information Technology field. I have never worked in audit environment. What sort of waiver can I get, because I read that 5 years of prior auditing experience is required?

    Also, I am not a citizen of USA or do not hold a green card. Do I have the eligibility to take up CISA certification?

    Could you please guide me how to go about in getting certified in CISA.

    Thank you very much for your time and help. Hoping to hear from you.

    Regards,
    Sundar

    • Stephanie says:

      Hi Sundar,
      You certainly don’t need a US citizenship or residency to take the CISA certification. It’s a global certification 🙂
      I tried to guide people on how to get started in this post… maybe you can click and see what you need to go for your next step? I would check out the qualification page (the exam requirements). Also, you may want to check out the official website as well. Stephanie

  • roman says:

    Hi Stephanie,
    I have a bachelor degree from computer science and engineering (4 year -2014) and currently student of Master-(cse) program (complete within 3 month), but I have also 7 years full time job experience as IT engineer (administration) and all those education was evening shift. In (2005-2009) I also completed my diploma in computer engineering; after that I started my job and simultaneously did those 2 degrees. Now come to the point, is my profile and experience match with this?

    pls let me know your valuable advice.

    thank you
    roman

    • Stephanie says:

      Hi Roman,
      Thanks for your note. It looks to me that you have a good background to study for this exam, but in terms of the experience, they do require IT audit experience. I know it’s a chicken-and-egg kind of situation, but in reality, if you pass the CISA exam, people know you are committed to this industry and it’s helpful that way. No guarantee on jobs of course, but I believe that’s how it could offer value-add. Hope it helps! Stephanie

  • Swapnil says:

    Hi Stephanie,

    I have 8 years of experience in Network Infrastructure, system admin, Networking environment, considering CISA exam, will I be ok with the domain?

  • Pradep says:

    Hi Stephanie,
    I am looking to prepare for CISA, having 15 years of IT experience.
    Can you please guide on some of the ways to prepare, which can result in maximum possibility of passing the exam?
    Thanks.

  • gunnar says:

    I have no background in IT Auditing nor controls or security but would love to join ISACA.
    Does it mean I can’t join?

  • Kp says:

    I am a science graduate with 13 years of banking experience. I am very much interested in CISA certification…but not sure as I do not have IT background…
