Roadmap to Success: ISACA CISA
Roadmap to Success is a series of posts designed to help learners better understand certification pathways, career opportunities associated with those certifications, and next steps beyond certification.
The Information Systems Audit and Control Association Certified Information Systems Auditor (ISACA CISA) certification is designed to affirm IT professionals' skills and knowledge as systems auditors. Roles for which the CISA qualifies learners include operations manager, development manager, project management, systems auditor, and more.
ISACA Certified Information Systems Auditor (CISA) The ISACA Certified Information Systems Auditor (CISA) is an intermediate-level certification that is globally respected and highly prestigious. The certification serves as a standard of achievement for those who audit, control, monitor, and assess information technology and business systems. The CISA certification is commonly required for managerial and high-level positions, particularly in government roles and occasionally in enterprise business roles.
The CISA certification addresses five information system audit, control, or security areas (called job practice domains):
The process of auditing information systems;
Governance and management of IT;
Information systems acquisition, development, and implementation;
Information systems operations, maintenance and service management; and
Protection of information assets.
The CISA certification is made up of one exam, for which CBT Nuggets offers training:
ISACA CISA 2016
Though there are no formal prerequisites for the CISA, it is an intermediate-level certification for which learners should have a minimum of five years of auditing experience, strong familiarity with IT operations as well as IT development lifecycles and project management.
Exam Details Exam Registration The CISA exam is unique in that it is only offered during the months of June, September, and December. Most learners register for their exam dates several months in advance. For example, the June 2016 exam allowed registration as early as November 2015, followed by a February 2016 early registration deadline, and an April 2016 final registration deadline. Learners must register in advance for the exam and have a valid admission ticket in order to gain access to the testing facility and exam experience.
Apply for the CISA Certification Once learners pass the exam, the next step is to apply for certification (an online form is also available, and is best viewed using Internet Explorer). The application materials include a requirement to submit evidence a minimum of five years of professional experience in information systems auditing, control, or security work experience.
Exam Location The CISA is offered on specific dates and in specific locations. While there are many locations across the United States, it is important for learners to be aware of testing location availability as they plan for the CISA exam.
Time allotted for exam: 4 hours Number of questions: 15 Question types: Multiple choice Passing score: 450 Exam registration: ISACA (for the September 2016 exam registration) Exam cost: Early registration for ISACA members: $450 — for non-ISACA members: $635 Final registration for ISACA members: $500 — for non-ISACA members: $685 *Fees for exam registrations submitted by mail increase by $75 Exam Objectives: CISA Certification Job Practice Domains (free resource)
Recertification The CISA is valid for three years from the date of certification. The certification carries with it an extensive continuing professional education (CPE) requirement. Learn more about the details of CPE requirements on the ISACA website. Generally, the CISA requires:
20 CPE hours are obtained and reported annually;
Annual CPE maintenance feeds are submitted to ISACA; and
120 CPE hours are obtained and reported within a three-year reporting period.
The Next Step Many learners pursuing the CISA certification will choose to continue with other ISACA certifications. The natural next step for those who have earned the CISA may include:
Certified Information Security Manager (CISM) (made up of one exam: ISACA CISM); or
ISACA Cybersecurity Nexus certifications.
Some learners may choose to diversify their vitae/resumes by pursuing certifications outside of ISACA. Certifications often pursued by CBT Nuggets learners include:
Certified Ethical Hacker (made up of one exam: EC Council Certified Ethical Hacker v 8.0); and/or
Security CISSP (made up of one exam: (ISC)2 Security CISSP).
Career Considerations Simplyhired.com/ provides a helpful salary guide to help learners determine appropriate pay scales for job opportunities associated with the CISA. Depending on professional experience, an employee who holds a CISA can earn on average $64,000. Payscale.com/ reports a range of salaries for employees holding a CISA certification between $53,694 and $144,164. Roles that are common for those holding a CISA certification include senior IT auditor, IT auditor, internal auditing manager, information security manager, information security analyst, and more.
The CISA certification meets the requirements for DOD 8750 and/or DOD 8140 baseline certifications for IAT Level III and CSSP Auditor, qualifying learners for Department of Defense jobs and contract work for the U.S. federal government.
ISACA Certifications Paths ISACA offers five certifications:
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)
Cybersecurity Fundamentals Certificate (CSX)
Cybersecurity Practitioner (CSX-P)
Cybersecurity Specialist (CSX-S) (currently in development)
Cybersecurity Expert (CSX-E) (currently in development)
While there are no certification prerequisites for any of the ISACA certification paths, there are significant work experience requirements for certification eligibility. As ISACA continues to develop its Cybersecurity Nexus certifications, it appears that these certifications, like other ISACA certifications, will not carry formal prerequisites.
Concluding Thoughts The CISA affirms your knowledge, skills, experience, and credibility to offer real solutions and deliver value to enterprises. The global recognition of a CISA certification opens up career opportunities that expand your skills and create exciting challenges in the workplace.
Watch. Learn. Conquer CISA!