Become a Certified Information Systems Auditor (CISA)
The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable to manage vulnerabilities, ensure compliance and institute controls within the enterprise.
CISA Impacts Your Career and Your Organization
Enterprises demand IS audit professionals that possess the knowledge and expertise to help them identify critical issues and customize practices to support trust in and value from information systems.
The skills and practices that CISA promotes and evaluates are the building blocks of success in the field. Possessing the CISA demonstrates proficiency and is the basis for measurement in the profession.
• Confirms your knowledge and experience
• Quantifies and markets your expertise
• Demonstrates that you have gained and maintained the level of knowledge required to meet the dynamic challenges of a modern enterprise
• Is globally recognized as the mark of excellence for the IS audit professional
• Combines the achievement of passing a comprehensive exam with recognition of work and educational experience, providing you with credibility in the marketplace.
• Increases your value to your organization
• Gives you a competitive advantage over peers when seeking job growth
• Helps you achieve a high professional standard through ISACA’s requirements for continuing education and ethical conduct
With a growing demand for individuals possessing IS audit, control and security skills, CISA has become a preferred certification program by individuals and organizations around the world.
• Are highly qualified, experienced professionals
• Provide the enterprise with a certification for IT assurance that is recognized by multinational clients, lending credibility to the enterprise
• Are excellent indicators of proficiency in technology controls
• Demonstrate competence in five domains, including standards and practices; organization and management; processes; integrity, confidentiality and availability; and software development, acquisition and maintenance
• Demonstrate a commitment to providing the enterprise with trust in and value from your information systems
• Maintain ongoing professional development for successful on-the-job performance
How to Become CISA Certified
Successful completion of the CISA Examination
The examination is open to all individuals who have an interest in information systems audit, control and security. All are encouraged to work toward and take the examination. Successful examination candidates will be sent all information required to apply for certification with their notification of a passing score. For a more detailed description of the exam see CISA Certification Job Practice. Also, CISA Exam Preparation resources are available through the association and many chapters host CISA Exam Review Courses (contact your local chapter).
Submit an Application for CISA Certification
Once a CISA candidate has passed the CISA certification exam and has met the work experience requirements, the final step is to complete and submit a CISA Application for Certification. A minimum of 5 years of professional information systems auditing, control or security work experience (as described in the CISA job practice areas) is required for certification. Substitutions and waivers of such experience, to a maximum of 3 years, may be obtained as follows:
A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience.
60 to 120 completed university semester credit hours (the equivalent of an 2-year or 4-year degree) not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
A bachelor’s or master’s degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if 3 years of experience substitution and educational waiver have already been claimed.
A master’s degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
Exception: 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for 1 year of experience.
As an example, at a minimum (assuming a 2-year waiver of experience by substituting 120 university credits), an applicant must have 3 years of actual work experience. This experience can by completed by:
3 years of IS audit, control, assurance or security experience
2 years of IS audit, control assurance or security experience and 1 full year non-IS audit or IS experience or 2 years as a full-time university instructor.
It is important to note that many individuals choose to take the CISA exam prior to meeting the experience requirements.
This practice is acceptable and encouraged although the CISA designation will not be awarded until all requirements are met.
The work experience for CISA certification must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam. The CISA Application for Certification is available atwww.isaca.org/cisaapp. Note that candidates have 5 years from the passing date to apply for certification.
Adherence to the Code of Professional Ethics
Members of ISACA and/or holders of the CISA designation agree to a Code of Professional Ethics to guide professional and personal conduct.
Adherence to the Continuing Professional Education (CPE) Program
The objectives of the continuing education program are to:
•Maintain an individual’s competency by requiring the update of existing knowledge and skills in the areas of information systems auditing, control or security.
•Provide a means to differentiate between qualified CISAs and those who have not met the requirements for continuation of their certification
•Provide a mechanism for monitoring information systems audit, control and security professionals’ maintenance of their competenc
•Aid top management in developing sound information systems audit, control and security functions by providing criteria for personnel selection and development
•Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.
View the complete Continuing Professional Education Policy.
Compliance with the Information Systems Auditing Standards
Individuals holding the CISA designation agree to adhere to the Information Systems Auditing Standards as adopted by ISACA.
Please note that decisions on applications are not final as there is an appeal process for certification application denials. Inquiries regarding denials of certification can be sent to [email protected]