  • Information System Auditing Process (21%)
  • Governance and Management of IT (17%)
  • Information Systems Acquisition, Development and Implementation (12%)
  • Information Systems Operation and Business Resilience (23%)
  • Protection of Information Assets (27%)

CISA (Certified Information Systems Auditor)

Increased dependence on IT by extension increases the level of technological risk that an organisation faces, which has the knock-on effect of increasing the relevance of IT audit.

CISA (Certified Information Systems Auditor) is one of the most in-demand and highly sought-after professional qualifications in the world.

The CISA designation is a globally recognized certification for IS audit control, assurance, and security professionals.

“Since its inception in 1978, more than 140,000 people have obtained ISACA®’s Certified Information Systems Auditor® (CISA®) certification to validate their expertise in understanding and performing vital roles within their job practice.”

Certified Information Systems Auditor Course Outline

The course content surrounds the pivotal Five Domains. The information imparted within each domain is as follows:

Domain 1: Information Systems Audit Process:

Domain 2: IT Governance and Management:

Domain 3: Information Systems Acquisition, Development, and Implementation:

Domain 4: Information Systems Operations, Maintenance, and Support:

Domain 5: Protection of Information Assets:

Certification Exam Details

Scheduling the Exam Appointment

Eligibility: Exam eligibility is required to schedule and take an exam. Eligibility is established at the time of exam registration and is good for twelve (12) months (365 days). Exam registration and payment are required before you can schedule and take an exam. Exam fees are non-refundable and non-transferable. You will forfeit your fees if you do not schedule and take the exam during your twelve-month eligibility period. No eligibility deferrals or extensions are allowed.

Exam cost:

Exam Fees: Exam registration fees are based on membership status at the time of exam registration.

  • ISACA Member: US $575
  • ISACA Nonmember: US $760

Note: Exam registration fees are non-refundable and non-transferable.

Exam Length: 4 hours (240 minutes), 150 multiple-choice questions

Passing: A score of 800 represents a perfect score with all questions answered correctly. You must receive a score of 450 or higher to pass the exam; this score represents the minimum standard of knowledge.

Individuals can take an exam four times in a rolling year (the initial attempt and three retakes; the rolling 365-day period runs from the date of the first exam attempt).

Retake 1 (attempt 2): Candidates must wait 30 days from the date of the first attempt

Retake 2 (attempt 3): Candidates must wait 90 days after the date of the second attempt

Retake 3 (attempt 4): Candidates must wait 90 days after the date of the third attempt


Certified Information Systems Auditor (CISA), awarded by the Information Systems Audit and Control Association (ISACA)


The final step to becoming CISA certified is to submit your CISA Certification Application. Prior to doing so, you must meet the following requirements:

  • Pass the CISA Exam within the last 5 years.
  • Have relevant full-time work experience in the CISA Job Practice Areas.
  • Submit the CISA Certification Application, including the Application Processing Fee ($50).

  • Comply with the Information Systems Auditing Standards: Individuals holding the CISA designation agree to adhere to the Information Systems Auditing Standards as adopted by ISACA.

  • Demonstrate the Required Minimum Work Experience: A minimum of 5 years of professional information systems auditing, control, or security work experience, as described in the CISA job practice areas, is required for certification. The work experience for CISA certification must be gained within the 10-year period preceding the application date for certification. Candidates have 5 years from the passing date to apply for certification.
  • Substitutions and waivers may be obtained to a maximum of 3 years as follows:
    • A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience.
    • 60 to 120 completed university semester credit hours (the equivalent of a 2-year or 4-year degree), not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
    • A master’s degree in information security or information technology from an accredited university can be substituted for 1 year of experience.

The experience substitutions will not satisfy any portion of the 2-year information systems audit work experience requirement.

Exception: Every 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for 1 year of experience.

It is important to note that many individuals choose to take the CISA exam prior to meeting the experience requirements. This practice is acceptable, although the CISA designation will not be awarded until all requirements are met.