The Certified Information Systems Auditor (CISA) is a worldwide recognized credential that focuses on information system auditing, control, and security (IS). In IT security, audit, risk management, and governance, it is a well-respected credential. So, utilize this material to learn about these standards and see if you’re eligible for a CISA. You must also meet the CISA criteria to obtain this certification.
Table of Contents
Requirements of the CISA
ISACA, the organization that established the CISA, states that people interested in information systems auditing, control, and security will be awarded the certification if they meet the following criteria:
- Pass the CISA certification test.
- Obtain the required job experience.
- Fill out a CISA certification application.
Although passing the CISA test is not required before meeting the work experience criteria, most candidates do. And, regardless of the sequence in which you complete these activities, you must pass the test and get job experience before obtaining the CISA certification.
Then, once you’ve obtained your CISA certification, you must maintain it by doing the following:
- Keep the ISACA Code of Professional Ethics in mind.
- Complete the prerequisites for the Continuing Professional Education program.
- Keep the Information Systems Auditing Standards in mind.
The CISA certification criteria, as you can see, are not too difficult. However, like with any qualification, obtaining them takes time, effort, and money. By knowing more about each of these needs, you can evaluate if the commitment is worthwhile.
Like mentioned above, the requirements of applying for CISA Certification are classified into two categories: Before and After getting CISA Certification. In this article, we’ll mainly discuss the requirements Before applying for CISA Certification and the Application of CISA Certification.
Requirements for CISA Certification
As previously stated, passing the CISA test, gaining work experience, and completing the CISA certification application are the prerequisites for getting the CISA certification.
Exam Requirement for CISA
As previously stated, the CISA test requirement is the first criterion that most candidates must meet. You must pass the CISA test to satisfy this criterion.
But, to be eligible for the CISA test, what prerequisites must you meet? Even though the CISA test includes criteria similar to those of many other certifications, the CISA exam requirements are unusual. You do not need to satisfy any of them to take the exam.
Yes, ISACA does not have any criteria for taking the CISA test. ISACA only requires that CISA exam applicants are interested in information security audits, control, and security.
The CISA exam, on the other hand, was created by ISACA to evaluate your comprehensive understanding of information systems and information technology audit, control, assurance, and security. As the CISA test curriculum demonstrates, passing the exam needs a substantial degree of expertise with these topics.
Content of the CISA Exam
The CISA exam is designed to put students through their paces on tasks they encounter in professional IT roles. As a result, the CISA test separates those tasks into five areas. These are the domains:
- Process of Information System Auditing (21 % )
- Information Technology Governance and Management (17 % )
- Acquisition, Development, and Implementation of Information Systems (12 % )
- Business Resilience and Information Systems Operations (23 % )
- Information Asset Protection (27 % )
Domains 4 and 5 account for more than half of the total curriculum, as you can see. As a result, you must devote a significant amount of study time to these subjects. However, it would be best if you did not overlook the other domains, which are equally essential.
Exam Format and Languages for CISA
There are 150 multiple-choice questions in the CISA test. You also have 4 hours (240 minutes) to respond to these questions.
The CISA test is also available in the following languages:
- Chinese Traditional
- Chinese Simplified
CISA Experience Requirement
To obtain your CISA certificate, ISACA also requires you to have at least five years of experience in professional information systems auditing, control, or security. Work experience qualifies if your day-to-day activities involve completing tasks listed under at least 1 CISA job practice domain area. ISACA lists all the CISA certification job practice domains on its website. Furthermore, ISACA updates its job practice analysis periodically to ensure the CISA exam content directly relates to the candidates’ tasks with the CISA certification.
You must accumulate your 5 years of work experience with the 10 years before applying for CISA certification or within 5 years of passing the CISA exam. And once you pass the CISA exam, you have 5 years to apply for the certification.
As mentioned, most people obtain their work experience after they pass the CISA exam, but you do not have to do this. If you come to the CISA certification process with IS experience already on your resume, then you’re simply ahead of the game. And you will probably have an easier time passing the CISA exam.
What’s more, you do not have to work at the same job for 5 years to fulfill the CISA work experience requirements. Instead, you can amass your experience in a few different ways because ISACA has implemented some substitutions and waivers for CISA work experience.
CISA Work Experience Waiver
To help candidates meet the CISA work experience requirements, ISACA allows candidates to substitute up to 3 years of the CISA work experience requirement’s 5 years with the following substitutions:
- A maximum of 1 year of information systems experience for 1 year of experience
- A maximum of 1 year of non-IS auditing experience for 1 year of experience
- 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) for 1 year of experience
Furthermore, you can also use these educational credits to waive 1 year of relevant CISA work experience:
- 60 completed university semester credit hours (equivalent to a 2-year or associate’s degree)
- ISACA does not impose the 10-year preceding restriction on this substitution
- Bachelor’s or master’s degree from a university that enforces the ISACA-sponsored Model Curricula
- However, you can’t use this option if you’ve already claimed 3 years of experience substitution and educational waivers.
- A master’s degree in information security or information technology from an accredited university
Additionally, you can employ these degrees/programs to waive 2 years of relevant CISA work experience:
- 120 completed university semester credit hours (equivalent to a 4-year or bachelor’s degree)
- ISACA does not impose the 10-year preceding restriction on this substitution
- ACCA member status from the Association of Chartered Certified Accountants
- Full Chartered Institute of Management Accountants (CIMA) certification
Finally, you can use a master’s degree (post-grad degree) in information systems or a related field to waive 3 years of the CISA work experience requirement.
If you have obtained other degrees, qualifications, and credentials with significant are auditing, control, assurance, or security component, you can submit your case to the CISA Certification Committee for consideration.
CISA Experience Verification Form
The final step in fulfilling the CISA work experience requirements is completing the CISA experience verification form. ISACA expects a supervisor or manager with whom you have worked to verify your work experience independently. Your verifier cannot be part of your immediate or extended family, nor can they work in the HR department.
Verifiers must fill out the CISA experience verification form and return it to the candidate to include with their CISA certification application.
CISA Certification Application
All you have to do now is complete and submit the CISA application for certification after passing the CISA test and meeting the work experience criteria. You must also submit the CISA application within 5 years of passing the CISA test, as previously stated.
ISACA’s website has the CISA certification application. You may then save it to your computer and fill it out online, or you can print it off and fill it out by hand. Then, on ISACA’s support page, you may upload and submit your application, as well as any extra verification forms (such as the CISA experience verification form) and supporting documentation. At this point, you must also pay the $50 application processing fee. This is a non-refundable one-time payment.
Your application may take up to two weeks to be processed by ISACA. And, because ISACA has created an appeal procedure for certification application denials, application decisions are not final. If you want to learn more about the appeals procedure if ISACA rejects your application, send an email to email@example.com.
If ISACA approves your application at the conclusion of the processing time, they will send you an email confirming that it has been approved. A certification packet will also be sent to the primary address listed in your ISACA profile. A letter of approval, a CISA certificate, and a metal CISA pin will be included in this bundle. And it’s possible that this package will take 4-8 weeks to arrive. However, once you get it, you will be a CISA!
If you are interested in this topic, please follow us and we’ll share more ISACA-CISA news. And if you have more questions or ohter topics that you are interested, please let us know!