CISA Certification Requirements: A Detailed Guide for 2024

The globally recognised Certified Information Systems Auditor, or CISA certification, helps candidates become trained professionals who audit, control, and secure information systems. It is recognised as one of the most respected certifications in the IT industry. But did you know the CISA Requirements? Read this blog further to learn more.   

According to an ISACA report, since 1978, over 160,000 professionals have been CISA certified. The same report reveals that the CISA certification is an industry-standard credential for IT auditors worldwide. The blog discusses the various CISA Requirements, including its format, work experience, and certification maintenance techniques.   

Table of Contents 

1) Understanding the CISA Requirements 

    a) Content of the CISA Exam 

    b) Format and language of the CISA Exam 

    c) Work experience requirement for the CISA Exam 

    d) Requirements to maintain the CISA certification 

    e) Requirements for non-practicing CISAs 

2) Conclusion 

Understanding the CISA Requirements

The ISACA provides professionals with a certification recognised worldwide, training professionals and entry-level learners to focus on auditing, controlling and securing information systems. Eligible candidates who successfully pass the exam are awarded the Certified Information Systems Auditor (CISA) title.  

Candidates must satisfy the CISA requirements to acquire the certification. ISACA does not require candidates to pass the examination before they fulfil the requirements for work experience, although most candidates have passed the exam. The three basic requirements to be fulfilled by candidates involve passing the CISA examination, fulfilling the pre-requisites and submitting their application for the CISA certification. Candidates can fulfil the first two tasks in whichever order they desire before being awarded the certification.   

Moreover, candidates are expected to abide by the ISACA's Code of Professional Ethics after earning their CISA certification. They must also complete their CPE (Continuing Professional Education) program and maintain compliance with the standards for auditing Information Systems. 


 

Content of the CISA Exam 

The ISACA has designed the CISA exam to test their candidates on the activities they will undertake when in professional IT positions. The CISA examination is typically segregated into five distinct domains such as: 

a) Information System Auditing Process – 21 percent  

b) IT Governance and Management – 17 percent 

c) Acquisition, Development, and Implementation of Information Systems – 12 percent 

d) Operation of Information Systems and Business Resilience – 23 percent 

e) Information Asset Protection – 27 percent 

The above five domains represent the CISA examination, of which domains 4 and 5 comprise more than 50 percent of the complete syllabus. The ISACA thus expects candidates to demonstrate commitment and dedication to preparing all domains.   

Format and Language of the CISA Exam 

The ISACA designs the CISA examination to contain 150 questions in a multiple-choice format. Candidates must get familiar with the scoring method of the exam, which is a conversion of their raw score to a final scaled score between 200 and 800. They are allocated 240 minutes to answer all the questions. Furthermore, candidates can attempt their CISA exam in one of ten available languages: English, German, French, Japanese, Chinese Traditional, Chinese Simplified, Spanish, Turkish, Italian, and Korean.   

Work experience requirement for the CISA Exam 

Candidates can be awarded the CISA certification if they satisfy ISACA's requirements of completing a minimum of five years of working experience. The ISACA qualifies a candidate's work experience if their regular job activities include completing tasks listed within at least one domain of CISA's job practice area. 

Furthermore, candidates can gather five years of work experience within ten years before applying for their CISA certification. Alternatively, their work experience also counts within five years after receiving their CISA certification. Although most candidates choose to acquire work experience after they are awarded the certification, gaining experience before the exam is recommended. 

Eligible CISA candidates who come to the exam with experience in information systems are automatically ahead of their inexperienced counterparts. This work experience in auditing information systems and familiarity with tools for securing information systems makes them more competent in the market.   

ISACA also allows its CISA exam candidates to gather their work experience in various ways as an alternative to working for five years consecutively. These alternatives comprise work waivers and certain substitutions. These waivers are as follows: 

A waiver on work experience 

Candidates are provided assistance from the ISACA to meet their work experience requirements. It helps them by allowing a substitution of a maximum of three years’ work experience out of CISA’s requirement of five years. The various substitutions are as follows: 

a) A maximum of one year's work experience in information systems corresponding to a year of experience.  

b) A maximum of one year’s work experience in non-IS auditing work corresponding to a year of experience. 

c) Work experience of two years as a full-time university instructor in related fields like computer science, auditing information systems, or accounting, corresponding to a year of experience. 

Furthermore, the following credits are considered acceptable by the ISACA, to waive one year of relevant work experience for the CISA: 

a) The completion of 60 hours of the university semester is considered equal to an associate’s degree.  

b) A Bachelor’s or a Master’s degree from a university that abides by the ISACA model curriculum.  

c) A Master’s degree in information technology or information security from a university with a CISA accreditation. 

d)  A completion of 120 credit hours in a university semester which is considered equal to a four-year Bachelor’s degree.  

e) An active member status under the Association of Charted Certified Accountants (ACCA).  

f) A certification from the Full Chartered Institute of Management Accountants (CIMA).  

In addition to the points mentioned above, candidates can leverage their master's degree in information systems to waive three years of work experience for CISA. The ISACA also considers other qualifications and professional credentials with significant IS auditing, assurance, and security hours. They can send in their applications for consideration to the CISA committee.  

1) Experience verification form for CISA: The verification form is the final step to fulfilling the CISA work experience. The ISACA expects managers to verify the candidate's work experience independently. More importantly, the individual conducting the verification must not have any immediate professional or personal relationships with the candidate. After the verification is complete, the verifier needs to fill out the CISA experience verification form and return it to them for including it in their application.  

2) Application for the CISA certification: After a candidate has successfully passed their CISA exam requirements for work experience, their final step is to submit the CISA application to get certified. They must remember to submit within five years of passing their examination.

Once the ISACA approves the application, the candidates will be notified by email. They will then receive the CISA certificate, a letter of approval and a metal CISA pin by mail from ISACA. The receipt of this packet bestows the candidate with the title of a CISA professional. 

Acquire the knowledge of security tools and IT audits for CISA by signing up for the CISA Training course now! 

Requirements to maintain the CISA certification 

Here are some key requirements to maintain the CISA certification:  

1) Professional conduct: Candidates must remember to comply with the ISACA's Code of Professional Ethics and abide by the auditing standards for information systems.

Here are some points from the code of conduct:  

a) To support the implementation of appropriate standards and encourage compliance through procedures for effective governance and enterprise management.  

b) To perform the assigned duties with due diligence, professional conduct and care, and objectivity according to professional standards.  

c) To serve lawfully in the interest of company stakeholders while maintaining a high standard of conduct.  

d) To maintain competency in their fields and undertake tasks they can expect to complete with their knowledge and skills.  

e) To support a stakeholder's professional education in improving their knowledge of governing enterprise information systems. This includes their understanding of auditing, controlling, and securing IS.  

2) Contact hours for CPE: The ISACA has instituted the CPE quote for candidates at a minimum of 20 hours of CPE annually. Candidates will benefit from the CPE hours by advancing their knowledge and abilities to perform CPE-related activities. They can also utilize the same CPE hours to satisfy the program's requirements.  

3) Guidelines for CPE: If candidates successfully report the necessary number of CPE hours and pay their maintenance dues on time, the ISACA sends them a confirmation letter.   

Requirements for non-practicing CISAs  

The ISACA has maintenance provisions for inactive holders of the CISA certificate. These inactive individuals can include non-practicing or retired ones. A non-practicing individual can be someone not working in the field but interested in maintaining their certification. A retired individual is considered a person over 55 years of age and permanently retired or unable to perform their CISA duties due to a disability. 

Conclusion 

The benefits of the CISA certification are many, although also lengthy. Candidates must invest time and practice to retain and maintain their certification status. The ISACA governs and regulates the various CISA Requirements yet keeps them flexible for candidates. 

The most essential requirement to become a CISA professional is to pass the CISA exam. Preparing ahead of time and demonstrating resilience and commitment will help candidates pass their exams in the first attempt, enhancing their market competency. 
 
Learn about the audit process for information systems by signing up for the Certified Information Systems Auditor course now!