What is CISA Certification? A Beginner’s Guide


What is CISA?

CISA, which stands for Certified Information Systems Auditor, is the most recognized designation for IS audit control, assurance, and security professionals. The purpose is to help determine if a person is qualified to hold the certification. What determines qualification is set by the ISACA and based on the work tasks and requirements for working in the IT profession, or related fields.

In this post, I am going to answer the question, “What is CISA?” In addition, I’m going to give you information about how to get certified and what kinds of jobs you can expect to get with CISA certification, as well as what kind of salary you can expect. Look at it as a great beginner’s guide to everything CISA and CISA certification. Are you ready to dive in?

What is the CISA Certification?

The CISA certification is one of the four granted by ISACA, an association established in 1969 for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA has more than 140,000 members in 180 countries. It has been growing even more in the past decade with the demands for technology jobs increasing.

There is now a greater need for people who can work in security and auditing at these tech companies. However, this certification is not new. CISA certification itself was launched in 1976. It’s just needed more now than ever before, and that is good news for people who are looking to get into the industry, or advance in the industry.

In the last decade, the number of ISACA members quadrupled, with more than 27,000 IT professionals taking the exam every year. The name “CISA” refers to the full title, Certified Information Systems Auditor, but you will sometimes see it used interchangeably with the certification as a shortened version. So, if someone says they’ve “gotten their CISA”, they actually mean they have their CISA certification.

Now you know what the acronym stands for. What benefits are there to getting your CISA certification? Let’s explore this question.

CISA Benefits

There are many benefits to getting this certification, which is partly why it is in such high demand. Here are some of the top benefits.

1. Best Qualification in Your Niche

The CISA certification is more technical and specialized than, say, a CIA or CPA. If you want to prove your technical expertise in IT auditing and show your dedication in this industry, CISA certification will prove to be a great investment. It’s basically the “cream of the crop” when it comes to qualifications in this niche.

2. CISA Gets You in the Game

It will put you in a prime position for some of the best jobs. As a well-established qualification within IT auditing, CISA gets you past the first hurdle for some jobs that require it, where otherwise you would not have a chance. As one reader commented:

“I have had recruiters immediately disqualify me because I didn’t have my CISA and others wanted to make sure I was ‘actively pursuing’ it before we could continue talking.”

3. Ride High on IT Auditing

IT Auditing itself is an increasingly important field as more accounting functions are being done through information systems. The higher emphasis on internal control in the last 10 years keeps pushing the demand higher. You can get in on that demand and take advantage of the opportunity to work in a highly respected field.

Not surprisingly, the highest demand for CISAs comes from financial institutions in both audit and non-audit capacities, including IT risk management, IT compliance and IT controls analysts.

4. Higher Salary

Given the demand and the special expertise, it is not surprising that IT audit commands a higher salary than a generalist role within the internal audit profession. If you want to make more money, this certification is going to help you do it.

Here is a quick comparison on average US salaries for your reference:

| Level | IT Audit Salary | General Internal Audit Salary |
| --- | --- | --- |
| Entry level | $63 – $74,000 | $52 – $67,000 |
| Junior | $71 – $100,000 | $60 – $87,000 |
| Senior | $91 – $132,000 | $78 – $111,000 |
| Manager | $108 – $166,000 | $92 – $151,000 |

Source: Robert Half

You may want to check out our comprehensive page on IT audit salary and career path. This will show you more in-depth information about career options and potential salary.

What sort of value do you get from this certification, apart from just higher wages and better job opportunities? Let’s hear it from the mouths of those who have been there.

Value of CISA Certification as Shown in this Video

As you can see if you watch this video from ISACA, there is great value in getting this certification. Furthermore, the benefits have an extensive reach beyond just the initial certification.

Taking the CISA Exam

The CISA exam itself will test you on five areas called the five domains. They are:

  1. The process of auditing information systems (21%)
  2. Governance and management of IT (16%)
  3. Information systems acquisition, development, and implementation (18%)
  4. Information systems operations, maintenance and support (20%)
  5. Protection of information assets (25%)

You can learn more about the five domains and what they entail in the CISA syllabus.

How Much Does it Cost?

1. ISACA Membership (Optional)

Membership to ISACA is optional, but there are some reasons you may want to consider it. CISA membership fees consist of international dues, local chapter dues, and new member fees. Here are the fee levels in 2019:

  • International dues: $135
  • Local chapter dues: range from $0 to $140
  • New membership fee: $10 if online; $30 if faxed

2. Exam Fees

While membership to the ISACA is optional, the costs of the actual CISA exam are not. You will need to pay fees to “sit” for your exam. This is a registration fee that ensures people actually show up when they are supposed to in order to take the test. It also helps cover the expenses at testing centers, such as the proctors on site, and it helps with the processing of the scoring.

2019 CISA Exam Fee
Early-bird registration
Standard registration

The CISA exam fee itself has not increased since 2017, at least, so this is good news. If you want to save as much as possible, go for the early bird registration. It will save you $50 off whichever registration you choose (member or non-member) and that $50 really adds up.

3. Additional Fees

There could also be some additional fees. For example, if you need to defer your exam, there is a processing charge of $50 to $100 depending on when you submit the request. You will also need to pay for study materials, and an application fee for the actual certification once you take the exam, but that comes later.

4. Annual Maintenance Fee

Once you fulfill all the requirements, you can obtain the certificate. The annual maintenance fee is $40 for members and $65 for non-members. You will have to pay this, and also show you are meeting the requirements every year to maintain your certificate and title.

The Million-Dollar Question: Can CISA Land Me a Job?

So, is CISA worth it? That is the magic question, isn’t it? There is a lot of time, effort, and money that goes into getting your CISA certification. Therefore, it is not a task that most people would take lightly.

I’d like to share the thoughts from one of my readers:

“It depends. I have had recruiters immediately disqualify me because I didn’t have my CISA and others wanted to make sure I was “actively pursuing” it before we could continue talking. Then I landed my current job without it and during the interview, there was only a brief discussion about being “sufficiently credentialed”. I think we can all agree that any certification doesn’t make you any better or worse. I have met some pretty terrible IT Auditors that had their CISA and some great ones without it.”

Here is another response:

“I think having it is worth it. It will get you past the first hurdle for some jobs that require it where otherwise you would not have a chance.”

Career Opportunities for CISA Certificate Holders

We can’t talk about whether or not CISA can land you a job without also talking about some of the career opportunities that will open up for you once you get your certification.

Here are a few common roles for people with this certificate:

  • Internal auditor
  • Public accounting auditor
  • IS analyst
  • Audit manager (IT)
  • Project manager (IT)
  • Security officer (IT)
  • Network operation security engineer
  • Cyber security professional
  • IT consultant
  • IT risk and assurance manager
  • Privacy officer
  • Chief information officer

Is CISA Certification Worth It?

So, what do you think? Is certification worth it? In all honesty, you are the only person who can truly answer that for you. I can tell you that in my opinion, yes, it is definitely worth it. I can also show you the opinions of others who have taken it and allowed it to further advance their careers.

However, you’re the one who has to decide if it is right for you and your career path. It does require a lot of time and money commitment to take the exam and get fully certified. If you know that you want a career in a CISA field, it just makes sense to do it.

What’s your view? I’d love to hear your thoughts below!


How to Get Your CISA Certification

Now that you have more information about what it all entails, would you like to know how to get certified? There are four basic steps to getting certified, as follows.

  1. You need to pass the CISA exam with a score of at least 450. (In short, the number of correctly answered questions is converted to a scaled score for your CISA exam scoring results.)
  2. In addition, you need at least five years of experience in professional information systems auditing, control, or security.
  3. Next, you also need to maintain your certification over time. This requires paying a maintenance fee and also fulfilling the CPE requirements.

Passing the Exam

To pass the exam, you first need to register. Anyone can register because there is no prerequisite to take this exam. As long as you have given this some good thought and believe that this exam is useful for your career, go ahead.

After you are signed up, you will want to begin to study for the exam. There are many different tools to help make it easier for you to study. For example, there is the official CISA Review Manual. There are also review courses like Surgent CISA Course. If you’re interested in taking a review course, see our post on the best three for 2021.

Getting the Professional Experience

This is actually the stricter part of the certification process. You need to have at least 5 years of experience in information system auditing, control or security. You need this experience in:

  • Professional information systems auditing
  • Control or security

The work experience must be gained within 10 years preceding the application date, or within 5 years from the date of passing the exam.

CISA Exemptions and Waivers

1. The following work experience can substitute for 1 year of the above:

  • 1 year in information system work
  • 1 year in non-IS auditing
  • 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing)

2. These education credits can waive 1 year of relevant experience:

  • 60 credit hours (2-year degree) from university
  • Bachelor’s or master’s degree from a university that enforces the ISACA-sponsored Model Curricula
  • A master’s degree in information security or information technology from an accredited university.

3. These degrees/programs can waive 2 years of relevant experience:

  • 120 credit hours (4-year degree) from university
  • ACCA (member status)
  • CIMA full certification

4. Other relevant degrees/programs:

If you have obtained other degrees, qualifications, and credentials with significant IS auditing, control, assurance or security component, you can submit the case to the CISA Certification Committee for consideration.

Maintaining Your Certification

You can maintain its active status by paying the maintenance fees and fulfilling the CPE requirements. You’ll need to have at least 20 contact hours per year, and 120 contact hours within a fixed 3-year period. For details, please refer to this CPE Policy on the ISACA website.

Code of Professional Ethics

In addition to the above, you will also have to adhere to the Code of Professional Ethics as set forth by the ISACA. It’s pretty straightforward and based on common sense code of ethics, so it shouldn’t be a problem.

For more about how to become CISA certified, browse or search this site. We have many posts and reviews to help you learn more and make an informed decision for yourself about this career path and what certifications and review courses will help you along the way.

So, what do you think? Do you now feel like you have a better understanding of the certification, what CISA stands for, and what it all means?


About the Author Stephanie

I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.
