The CISA certification is a world-renowned competency benchmark that measures an auditor’s skill in evaluating IT systems. Issued by ISACA, it recognizes IT professionals who monitor, manage and protect information systems for businesses.
CISAs ensure that a company’s information systems are well-managed and protected from risk. They are responsible for instituting IT controls and addressing vulnerabilities in IT systems.
A CISA’s main responsibilities usually involve:
Designing and implementing auditing strategies, based on a sound knowledge of risk management
Determining whether an organization’s IT assets have adequate protections
Executing audits with reference to the audited company’s business objectives
Presenting audit results and offering business solutions based on those results
Revisiting past audits to measure organizational follow-through on recommendations
CISA-accredited professionals are also often involved in other aspects of business operations. These can include risk and resource management, disaster recovery, policy reviews, and business continuity strategies.
How Does CISA Work?
CISA knowledge is divided into 5 job practice domains, each covering a different aspect of systems auditing. The first step to becoming accredited is to master each of these 5 domains, then go on to take ISACA’s CISA exam.
The five domains are:
Information Systems Audit Process: This involves planning, conducting and reporting on IS audits.
IT Governance and Management: CISAs are responsible for managing and evaluating IT departments’ structures, policies and processes.
Information Systems, Acquisition, Development and Implementation: CISAs often function as project managers during the implementation of IT systems.
Information Systems Operations and Business Resilience: The maintenance and service management of implemented information systems also falls under the job’s remit.
Protection of Information Assets: CISAs must identify and recommend practices that actively address cyber risks.
Taking the CISA Exam
The CISA exam previously ran in June, September and December every year, but thanks to online registration and proctoring it is now available year-round.
Candidates must score 450 (out of a possible 800) or higher to pass. You can take the exam up to four times per year, starting with the date of your first attempt. ISACA currently offers English, Chinese Mandarin Simplified, French, Japanese, Korean and Spanish-language versions of the exam.
Applying to take the exam costs $50, and if your application is accepted it will cost a further $595 to take the exam – or $465 for ISACA members.
Preparing for the CISA Exam
The CISA exam is known for its difficulty, with an average pass rate of around 50%. It’s best to begin preparations early: successful candidates generally take between 6 months and a year to revise for the exam.
ISACA offers a number of resources to help prospective CISAs prepare for the exam, including a Questions, Answers & Explanations Database, a CISA-specific prep community, an online review course, and an eBook of study materials. Of these, the most important resource is the ISACA Review Manual, which is updated yearly.
There are also many courses available from training providers, such as Good e-Learning’s CISA Training(hyperlink). These high-quality courses cover all the materials in the Review Manual, with expert-led videos, interactive knowledge checks, and full-length practice exams.
Acquiring your CISA Certificate
Once you pass the exam, the next step is to apply for your CISA certificate. ISACA requires that CISA applicants have at least 5 years of professional experience in IS auditing, control, or security work.
You can substitute one year of other IS experience in place of auditing work, or one year of conventional auditing experience in place of IS work. A relevant university degree can also be used in place of up to 2 years of work experience, depending on the length of the degree. All experience must have occurred within 10 years of the date of your application.
CISA holders are required to take part in ISACA’s Continuing Professional Education (CPE) program. CPE is an on-going training program that makes sure CISAs keep up-to-date with their industry. CPE has four main goals:
1 - Monitoring each CISA’s IS audit, control and security knowledge
2 - Identifying CISAs who are no longer technically qualified enough to keep their certification
3 - Helping heads of department construct stable IS auditing teams by making suggestions on training, development and personnel selection
4 - Maintaining CISA knowledge and capabilities by disseminating new updates and releases
ISACA requires a minimum of 20 CPE hours annually, along with 120 hours contact hours over a three-year period. It also charges an $85 annual maintenance fee ($45 for ISACA members).
Benefits of CISA Training
Acquiring a CISA certification helps professionals prove their capability to employers and clients. It is a coveted standard for public companies all over the world and is often mandatory for IT audit and security information management (SIM) positions.
Benefits of certification include:
A competitive edge in the job market: A much-coveted qualification, showcasing your CISA-status on your CV immediately makes you more attractive to prospective employers.
Increased workplace value: The knowledge, skills and confidence that come with accreditation can lead to improved work performance and a higher perceived value within an organization.
Increased workplace credibility: Earning your CISA accreditation shows both technical capability and a high level of organization and determination.
Access to further development: CISA-accreditation means automatic enrolment in ISACA’s Continuing Professional Education (CPE) program. This program will ensure you are always up-to-date in your field.
Increased Salary: CISA-certified professionals average between $52,459 and $122,326 in annual salary – far more than their non-accredited counterparts. The highest-paid CISA positions pay upwards of $130k per year.
Why Pursue CISA Training with Good e-Learning?
Good eLearning is an award-winning online training provider. We’ve helped thousands of IT professionals, clients and businesses learn in-demand work skills and earn valuable certifications.
Our courses are designed by e-learning specialists with the help of leading industry experts. These experts feature prominently in our CISA course content, guiding the learner through the study materials. We’ve also included a multimedia mix of text, video, interactive learning and downloadable materials. Whether you’re relatively new to IS auditing, or a seasoned professional looking to take your career one step further, we offer the courses that will help you get there.
Key features of our CISA course:
Quizzes and revision modules: Our courses are designed with regular knowledge checks to help you gauge your progress. These mini-appraisals help you consolidate your knowledge interactively, and quickly get you up to speed on key principles.
Instant 12-month access: Once you buy our course, you’ll immediately be able to access to all the content included for a whole year. Students have a realistic timeframe for absorbing all the materials in the course, as well as the flexibility to fit study time around their current schedules.
Practice Exam simulators: Our mock exams take away the stress of facing an unknown exam by mimicking the format and time controls of the real thing. They’re also an excellent way of evaluating how prepared you are to book and take the official ISACA exam.
Free Tutor support: Our courses are lead by subject matter experts who provide everything you need to ace the written paper. We also provide ongoing tutor support from our in-house team, who offer personalized advice to help you overcome any obstacles you face while taking the course.
Mobile app for offline learning: Our courses can be accessed on any web-enabled device using the free Go.Learn app. App users can download materials to access offline, and continue studying while on-the-go. It’s a great way to immerse yourself in the course, while fitting it in around other commitments.
For those looking to upskill a whole team, we also specialize in corporate training for clients who want to train multiple employees at once.