The Information Systems Audit and Control Association (ISACA) provides information system professionals with a worldwide community in which to share knowledge and build peer relationships. As part of its mandate, ISACA has developed and released its own professional certification program. The ISACA program consists of four credentials designed for information system professionals who want to validate their industry experience and skill sets. One of these ISACA credentials is the Certified Information Systems Auditor (CISA).
Overview of CISA Certification
The CISA certification targets information system auditors, who, outside of their normal auditing activities, typically make information system solution recommendations in consultation with business analysts and security professionals. These auditors also work to ensure that their solutions comply with industry and government regulations.
ISACA has organized the CISA certification around the following five knowledge domains:
- Process of Auditing Information Systems
- Governance and Management of IT
- Information Systems Acquisition, Development and Implementation
- Information Systems Operations, Maintenance and Support
- Protection of Information Assets
To earn the CISA certification, candidates must fulfill several requirements, a few of which are listed below:
- Pass the CISA certification exam.
- Gain five years of documented work experience in information systems auditing, control, security, or assurance.
- Agree to comply with the ISACA Code of Professional Ethics and the CISA Continuing Education Policy.
While the required work experience can be earned after passing the exam, it must be completed within five years of passing. The certification is not granted until this work experience requirement is met.
In some instances, candidates can substitute other qualifications for part of the professional experience. For example, certain educational qualifications can count for up to three of the five years of required experience.
CISA Certification Exam Details
The CISA certification exam is offered three times each calendar year. Candidates can register through the ISACA website or by submitting a hard copy registration form.
Candidates have four hours to complete the test. The exam consists of 200 multiple-choice questions, which are based on the five CISA knowledge domains listed earlier in this article. ISACA estimates the percentage of exam content drawn from each domain as follows:
- Process of Auditing Information Systems (14%)
- Governance and Management of IT (14%)
- Information Systems Acquisition, Development and Implementation (19%)
- Information Systems Operations, Maintenance and Support (23%)
- Protection of Information Assets (30%)
The exam is scored on a sliding scale between 200 and 800. The minimum passing score is 450. Exam results are sent out to candidates about five weeks after they take the exam.
Further information about the exam is available on the ISACA website.
Renewing the CISA Certification
CISA certification is valid for three years, once earned. CISA holders must complete a number of Continuing Professional Education (CPE) hours during that time period in order to maintain their certification. Some CPE regulations for professionals to follow are listed below:
- Earn 120 CPE hours over the three-year certification period, with no fewer than 20 CPE hours in any given year.
- Pay annual CPE maintenance fees.
- Comply with the ISACA Code of Professional Ethics and ISACA's IT auditing standards.
CISA holders can earn CPE hours by participating in sanctioned ISACA meetings or events, or through certain non-ISACA activities relevant to CISA professionals. More information about CPE hours and how to earn them can be found on the ISACA website.
By earning the CISA certification, professionals can demonstrate that they have the level of expertise desired in today's workplace and can also potentially gain a competitive edge in the job market.