Roadmap to Success: ISACA CISA

by Karin Klinger
Published on April 5, 2016

Roadmap to Success is a series of posts designed to help learners better understand certification pathways, career opportunities associated with those certifications, and next steps beyond certification.

The Information Systems Audit and Control Association Certified Information Systems Auditor (ISACA CISA) certification is designed to affirm IT professionals' skills and knowledge as systems auditors. Roles for which the CISA qualifies learners include operations manager, development manager, project management, systems auditor, and more.

ISACA Certified Information Systems Auditor (CISA)

The ISACA Certified Information Systems Auditor (CISA) is an intermediate-level certification that is globally respected and highly prestigious.

The certification serves as a standard of achievement for those who audit, control, monitor, and assess information technology and business systems. The CISA certification is commonly required for managerial and high-level positions, particularly in government roles and occasionally in enterprise business roles.

The CISA certification addresses five information system audit, control, or security areas (called job practice domains):

  1. The process of auditing information systems;

  2. Governance and management of IT;

  3. Information systems acquisition, development, and implementation;

  4. Information systems operations, maintenance and service management; and

  5. Protection of information assets.

The CISA certification is made up of one exam, for which CBT Nuggets offers training:

  • ISACA CISA 2016

Though there are no formal prerequisites for the CISA, it is an intermediate-level certification for which learners should have a minimum of five years of auditing experience and strong familiarity with IT operations, IT development lifecycles, and project management.

Exam Details

Exam Registration:

The CISA exam is unique in that it is only offered during the months of June, September, and December. Most learners register for their exam dates several months in advance.

For example, the June 2016 exam allowed registration as early as November 2015, followed by a February 2016 early registration deadline and an April 2016 final registration deadline. Learners must register in advance for the exam and have a valid admission ticket in order to gain access to the testing facility and exam experience.

Apply for the CISA Certification:

Once learners pass the exam, the next step is to apply for certification (an online form is also available, best viewed using Internet Explorer). The application materials require evidence of a minimum of five years of professional experience in information systems auditing, control, or security work.

Exam Location:

The CISA is offered on specific dates and in specific locations. While there are many locations across the United States, it is important for learners to be aware of testing location availability as they plan for the CISA exam.

  • Time allotted for exam: 4 hours

  • Number of questions: 15

  • Question types: Multiple choice

  • Passing score: 450

  • Exam registration: ISACA (for the September 2016 exam registration)

  • Exam cost: Early registration: $450 for ISACA members, $635 for non-ISACA members. Final registration: $500 for ISACA members, $685 for non-ISACA members. *Fees for exam registrations submitted by mail increase by $75.

  • Exam Objectives: CISA Certification Job Practice Domains (free resource)


The CISA is valid for three years from the date of certification. The certification carries an extensive continuing professional education (CPE) requirement. Learn more about the details of CPE requirements on the ISACA website. Generally, the CISA requires:

  • 20 CPE hours are obtained and reported annually;

  • Annual CPE maintenance fees are submitted to ISACA; and

  • 120 CPE hours are obtained and reported within a three-year reporting period.

The Next Step

Many learners pursuing the CISA certification will continue with other ISACA certifications. The natural next step for those who have earned the CISA may include:

  • Certified Information Security Manager (CISM) (made up of one exam: ISACA CISM); or

  • ISACA Cybersecurity Nexus certifications.

Some learners may diversify their vitae/resumes by pursuing certifications outside of ISACA. Certifications often pursued by CBT Nuggets learners include:

Career Considerations

provides a helpful salary guide to help learners determine appropriate pay scales for job opportunities associated with the CISA.

Depending on professional experience, a CISA-certified employee can earn an average of $64,000. reports a range of salaries for employees holding a CISA certification between $53,694 and $144,164.

Common roles for those holding a CISA certification include senior IT auditor, IT auditor, internal auditing manager, information security manager, information security analyst, and more.

The CISA certification meets the requirements for DoD 8570 and/or DoD 8140 baseline certifications for IAT Level III and CSSP Auditor, qualifying learners for Department of Defense jobs and contract work for the U.S. federal government.

ISACA Certification Paths

ISACA offers five certifications:

  • Certified Information Systems Auditor (CISA)

  • Certified Information Security Manager (CISM)

  • Certified in the Governance of Enterprise IT (CGEIT)

  • Certified in Risk and Information Systems Control (CRISC)

  • Cybersecurity Nexus:

      • Cybersecurity Fundamentals Certificate (CSX)

      • Cybersecurity Practitioner (CSX-P)

      • Cybersecurity Specialist (CSX-S) (currently in development)

      • Cybersecurity Expert (CSX-E) (currently in development)

While there are no certification prerequisites for any ISACA certification paths, there are significant work experience requirements for certification eligibility. As ISACA continues to develop its Cybersecurity Nexus certifications, it appears that these certifications, like other ISACA certifications, will not carry formal prerequisites.

Concluding Thoughts

The CISA affirms your knowledge, skills, experience, and credibility to offer real solutions and deliver enterprise value. Its global recognition opens up career opportunities that expand your skills and create exciting challenges in the workplace.

Watch. Learn. Conquer CISA!

