Certified Information Systems Auditor (CISA)

About CISA

The Certified Information Systems Auditor (CISA) certification is globally recognized for validating an individual's expertise in auditing, control, and security of information systems. It focuses on ensuring that IT systems are managed effectively to support business goals.

The topics included in the CISA Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of information systems auditing. Successful candidates are competent in the following five domains:

  • Information System Auditing Process
  • Governance and Management of IT
  • Information Systems Acquisition, Development, and Implementation
  • Information Systems Operations and Business Resilience
  • Protection of Information Assets

For more detailed information, please visit the CISA Exam Content Outline on the ISACA website.

Exam Requirements

Candidates must have a minimum of five years of cumulative, paid work experience in information systems auditing, control, or security. Substitutions for part of this experience may be available for certain educational qualifications and other professional certifications.

A candidate who does not have the required experience to become a CISA may become an Associate of ISACA by successfully passing the CISA examination. The Associate of ISACA will then have five years to earn the required experience. More information about CISA experience requirements and how to account for part-time work and internships can be found at www.isaca.org/certifications/cisa.

Accreditation

The CISA certification complies with the stringent requirements of the ISO/IEC 17024:2003 standard.

Job Task Analysis (JTA)

ISACA has an obligation to its membership to maintain the relevancy of the CISA. Conducted at regular intervals, the Job Task Analysis (JTA) is a methodical and critical process of determining the tasks that are performed by audit professionals who are engaged in the profession defined by the CISA. The results of the JTA are used to update the examination. This process ensures that candidates are tested on the topic areas relevant to the roles and responsibilities of today's practicing information systems auditors.

Examination Information

Length of exam: 4 hours
Number of items: 150
Item format: Multiple choice
Passing grade: 450 out of 800 points
Exam language availability: English, Spanish, Chinese, and Japanese
Testing center: Pearson VUE Testing Center

Domains

Information System Auditing Process

A–Planning
  • IS Audit Standards, Guidelines, and Codes of Ethics
  • Types of Audits, Assessments, and Reviews
  • Risk-Based Audit Planning
  • Types of Controls and Considerations
B–Execution
  • Audit Project Management
  • Audit Testing and Sampling Methodology
  • Audit Evidence Collection Techniques
  • Audit Data Analytics
  • Reporting and Communication Techniques
  • Quality Assurance and Improvement of Audit Process

Governance and Management of IT

A–IT Governance
  • Laws, Regulations, and Industry Standards
  • Organizational Structure, IT Governance, and IT Strategy
  • IT Policies, Standards, Procedures and Practices
  • Enterprise Architecture and Considerations
  • Enterprise Risk Management
  • Privacy Program and Principles
  • Data Governance and Classification
B–IT Management
  • IT Resource Management
  • IT Vendor Management
  • IT Performance Monitoring and Reporting
  • Quality Assurance and Quality Management of IT

Information Systems Acquisition, Development, and Implementation

A–Information Systems Acquisition and Development
  • Project Governance and Management
  • Business Case and Feasibility Analysis
  • System Development Methodologies
  • Control Identification and Design
B–Information Systems Implementation
  • System Readiness and Implementation Testing
  • Implementation Configuration and Release Management
  • System Migration, Infrastructure Deployment, and Data Conversion
  • Post-implementation Review

Information Systems Operations and Business Resilience

A–Information Systems Operations
  • IT Components
  • IT Asset Management
  • Job Scheduling and Production Process Automation
  • System Interfaces
  • Shadow IT and End-User Computing
  • Systems Availability and Capacity Management
  • Problem and Incident Management
  • IT Change, Configuration, and Patch Management
  • Operational Log Management
  • IT Service Level Management
  • Database Management
B–Business Resilience
  • Business Impact Analysis
  • System and Operational Resilience
  • Data Backup, Storage, and Restoration
  • Business Continuity Plan
  • Disaster Recovery Plans

Protection of Information Assets

A–Information Asset Security and Control
  • Information Asset Security Frameworks, Standards, and Guidelines
  • Physical and Environmental Controls
  • Identity and Access Management
  • Network and End-Point Security
  • Data Loss Prevention
  • Data Encryption
  • Public Key Infrastructure
  • Cloud and Virtualized Environments
  • Mobile, Wireless, and Internet-of-Things Devices
B–Security Event Management
  • Security Awareness Training and Programs
  • Information System Attack Methods and Techniques
  • Security Testing Tools and Techniques
  • Security Monitoring Tools and Techniques
  • Security Incident Response Management
  • Evidence Collection and Forensics

Exam Preparation

Preparation for the CISA exam can be intensive. ISACA provides a variety of resources including review manuals, online training, and interactive exam preparation resources. Candidates are encouraged to join study groups and participate in training sessions to enhance their preparation. Engaging in practical exercises and scenario-based questions is crucial for success on the exam. Additionally, using the WannaPractice platform can enhance your preparation with interactive practice questions and scenarios that are specifically tailored to the CISA domains.