Does ISACA have any substitutions or waivers for its certification requirements?
Yes, it does. The following are substitutions and waivers which you may obtain:
- A maximum of one year of experience in information experience OR one year of non-IS auditing experience can be used to substitute one year of experience.
- 60 to 120 completed university credit hours (the equivalent of a two-year or four-year degree) can be substituted for one or two years of experience respectively.
- A master’s degree in information security or information technology can be substituted for one year of experience.
Instructors who have taught full-time in a related field (e.g. computer science) can substitute two years for one year of experience.
What does the CISA certification exam cover?
The certification exam covers the five domains below, which are shown with their weights:
- Domain 1 – Information System Auditing Process (21%)
- Domain 2 – Governance and Management of IT (17%)
- Domain 3 – Information Systems Acquisition, Development and implementation (12%)
- Domain 4 – Information Systems Operations and Business Resilience (23%)
- Domain 5 – Protection of Information Assets (27%)
What are the certification pre-requisites?
In addition to passing the exam, you will need to fulfil the requirements listed below to earn the CISA credential:
- Demonstrate a minimum of five (5) years of professional information systems auditing, control, or security work experience; this experience should be within the 10-year period preceding the date you applied for the certification
- Adhere to the Code of Professional Ethics
- Adhere to ISACA’s Continuing Professional Education (CPE) Policy
- Adhere to the Information Systems Auditing Standards as adopted by ISACA
How can I maintain my certification?
CISA credential holders will need to do the following to maintain their certification:
- Earn and report a minimum of 20 CPE hours every year, starting from the year after they were certified
- Earn and report a minimum of 120 CPE hours over the span of three years
- Pay the annual maintenance fee
- Comply with the CPE audit if selected
- Comply with ISACA’s Code of Professional Ethics
- Comply with ISACA’s IT auditing standards
When will I receive my exam results?
You will get your preliminary results immediately after submitting your exam. You will receive your official score via email within 10 working days. Alternatively, your score will be available online within 10 working days.
Can I attempt the examination in languages other than English?
Yes. You can choose to take the CISA examination in other languages. For more details, click here.
What will happen to my certification status if I no longer practice or decide to retire?
ISACA offers a Non-Practicing and a Retired status for professionals as long as they meet certain requirements.
The Non Practicing status is provided to active certification holders who have short- or long-term unemployment or disability, no longer work in the field but wish to retain their certification, or have extenuating circumstances which have been approved by the Certification Working Group. Non-practicing CRISC professionals will need to pay the annual maintenance fee even if they do not earn CPEs.
As for the Retired status, this is provided to professionals who are above 55 years of age and have retired from their profession, or those unable to perform specific job functions due to permanent disability. Unlike the Non-Practicing status, practitioners cannot return to Active once they retire. They will need to re-take and pass the certification exam before re-applying for the certification.