The Certified Information Systems Auditor or CISA is awarded to professionals who exhibit proficiency in information systems security, audit, and control.
The CISA is the chief certification sponsored by the Information Systems Audit and Control Association, or ISACA.
The CISA has gained world-class recognition making it a certification that IT-inclined accountants would definitely consider.
To become a Certified Information Systems Auditor, a candidate must fulfill a series of rigid requirements.
The CISA Examination
The CISA exam is usually offered in June and September every year. The contents of the CISA Examination include areas in information systems security, audit, and control. ISACA has organized these areas in the following domains.
Domain 1 – The Process of Auditing Information Systems (14%)
Domain 2 – Governance and Management of IT (14%)
Domain 3 – IS Acquisition, Development and Implementation (19%)
Domain 4 – IS Operations, Maintenance and Support (23%)
Domain 5 – Protection of Information Assets (30%)
All successful candidates will be sent a notification of a passing mark plus information on how to apply for the CISA certification.
Application for CISA Certification
Successful candidates may apply for CISA certification within 5 years from passing the examination. Certification will only be awarded to candidates who meet the experience requirements.
CISA certification requires a minimum of 5 years of professional work experience in information systems auditing, control or security. Substitutes to work experience may be applied for a maximum of 3 of the 5 required years. ISACA allows the following as qualifying substitutes.
- A maximum of 1 year of information systems experience or 1 year of non-IS auditing experience can be substituted for 1 year of experience.
- Sixty (60) to 120 completed university semester credit hours (the equivalent of a 2 or 4-year degree) not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
- A bachelor's or master's degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience.
- A master's degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
- Two years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for 1 year of experience.
Candidates and CISA certification holders must agree to abide by the Code of Professional Ethics. Failure to adhere to it may lead to investigation and disciplinary action.
Continuing Professional Education
Certified Information Systems Auditors should maintain skill and proficiency and stay abreast with developments related to the professional designation. CISAs are required to complete 120 hours of CPE every three years with a minimum of 20 hours per year.
To learn more about CISA, visit the ISACA Website.