Roadmap to Success is a series of posts designed to help learners better understand certification pathways, career opportunities associated with those certifications, and next steps beyond certification.
The Information Systems Audit and Control Association Certified Information Systems Auditor (ISACA CISA) certification is designed to affirm IT professionals’ skills and knowledge as systems auditors. Roles for which the CISA qualifies learners include operations manager, development manager, project management, systems auditor, and more.
ISACA Certified Information Systems Auditor (CISA)
The ISACA Certified Information Systems Auditor (CISA) is an intermediate-level certification that is globally respected and highly prestigious. The certification serves as a standard of achievement for those who audit, control, monitor, and assess information technology and business systems. The CISA certification is commonly required for managerial and high-level positions, particularly in government roles and occasionally in enterprise business roles.
The CISA certification addresses five information system audit, control, or security areas (called job practice domains):
- The process of auditing information systems;
- Governance and management of IT;
- Information systems acquisition, development, and implementation;
- Information systems operations, maintenance and service management; and
- Protection of information assets.
The CISA certification is made up of one exam, for which CBT Nuggets offers training:
Though there are no formal prerequisites for the CISA, it is an intermediate-level certification for which learners should have a minimum of five years of auditing experience and strong familiarity with IT operations, IT development lifecycles, and project management.
The CISA exam is unique in that it is only offered during the months of June, September, and December. Most learners register for their exam dates several months in advance. For example, the June 2016 exam allowed registration as early as November 2015, followed by a February 2016 early registration deadline, and an April 2016 final registration deadline. Learners must register in advance for the exam and have a valid admission ticket in order to gain access to the testing facility and exam experience.
Apply for the CISA Certification
Once learners pass the exam, the next step is to apply for certification (an online form is also available, and is best viewed using Internet Explorer). The application materials include a requirement to submit evidence of a minimum of five years of professional work experience in information systems auditing, control, or security.
The CISA is offered on specific dates and in specific locations. While there are many locations across the United States, it is important for learners to be aware of testing location availability as they plan for the CISA exam.
Time allotted for exam: 4 hours
Number of questions: 15
Question types: Multiple choice
Passing score: 450
Exam registration: ISACA (for the September 2016 exam registration)
Exam cost: Early registration for ISACA members: $450 — for non-ISACA members: $635
Final registration for ISACA members: $500 — for non-ISACA members: $685
*Fees for exam registrations submitted by mail increase by $75
Exam Objectives: CISA Certification Job Practice Domains (free resource)
The CISA is valid for three years from the date of certification. The certification carries with it an extensive continuing professional education (CPE) requirement. Learn more about the details of CPE requirements on the ISACA website. Generally, the CISA requires that:
- 20 CPE hours are obtained and reported annually;
- Annual CPE maintenance fees are submitted to ISACA; and
- 120 CPE hours are obtained and reported within a three-year reporting period.
The Next Step
Many learners pursuing the CISA certification will choose to continue with other ISACA certifications. The natural next step for those who have earned the CISA may include:
Some learners may choose to diversify their vitae/resumes by pursuing certifications outside of ISACA. Certifications often pursued by CBT Nuggets learners include:
Simplyhired.com provides a helpful salary guide to help learners determine appropriate pay scales for job opportunities associated with the CISA. Depending on professional experience, an employee who holds a CISA can earn on average $64,000. Payscale.com reports a range of salaries for employees holding a CISA certification between $53,694 and $144,164. Roles that are common for those holding a CISA certification include senior IT auditor, IT auditor, internal auditing manager, information security manager, information security analyst, and more.
The CISA certification meets the requirements for DOD 8750 and/or DOD 8140 baseline certifications for IAT Level III and CSSP Auditor, qualifying learners for Department of Defense jobs and contract work for the U.S. federal government.
ISACA Certification Paths
ISACA offers five certifications:
While there are no certification prerequisites for any of the ISACA certification paths, there are significant work experience requirements for certification eligibility. As ISACA continues to develop its Cybersecurity Nexus certifications, it appears that these certifications, like other ISACA certifications, will not carry formal prerequisites.
The CISA affirms your knowledge, skills, experience, and credibility to offer real solutions and deliver value to enterprises. The global recognition of a CISA certification opens up career opportunities that expand your skills and create exciting challenges in the workplace.
Watch. Learn. Conquer CISA!