How To Get a CISA Certification


With advances in technology, data breaches, cybercrime and ransomware make headlines every day, which makes it critical to protect the IT department from such incidents. The IT department is considered the brain of an organization, as it stores all of the sensitive information, and it should be well equipped with the knowledge and tools to monitor and protect that information.

What is CISA?

ISACA issues the Certified Information Systems Auditor (CISA) certification for people who are accountable for monitoring, managing, and securing the IT department of an enterprise or organization. The CISA certification is a globally recognized standard used to evaluate an IT auditor’s understanding and expertise in technology control within the organization. This course is intended for IT auditors, audit managers, consultants and security professionals.

The Benefits of Getting a CISA Certification!

As CISA certification plays a prominent role in the IT business systems, there are significant benefits associated with it. They are:

1. Enhances skills of the candidate

Attending the CISA course helps the candidate develop technical skills that are aligned with what the job requires. It teaches various aspects of auditing and broadens their knowledge so that they can handle any situation and protect the organization from vulnerabilities. This skill set adds immense value to the individual’s profile.

2. Quantifies and markets your expertise

Achieving a CISA certification increases the candidate’s knowledge and gives them standing in the practical world. It not only helps the organization but also supports the candidate’s growth on a personal level. It quantifies the candidate’s skills and gives a competitive advantage among peers, and the candidate can market their expertise with the newly acquired skill set and reap the benefits.

3. Increases the candidate’s value to the organization

Many IT professionals only step in to help the organization after it has been exposed to a threat and some functions have already been compromised. Salvaging the situation at that point is a difficult task.

The CISA certification course follows the motto that prevention is better than cure and therefore teaches candidates to prevent threats from materializing in the first place. With the skills acquired through the CISA certification, the candidate can close the vulnerabilities in the organization’s IT department and protect it from threats.

4. Global recognition

The certification is not limited to one country but is recognized throughout the world. Every country acknowledges it as a standard for measuring excellence in managing audit systems and businesses, which is why the course is standardized to meet global standards.

5. Gives the candidate a competitive advantage

Adding the CISA certification adds immense value to a CV and gives the candidate an extra edge over competitors. CISA-certified personnel are found to be valued more than non-certified personnel because of their enhanced skill set.

It also improves the chances of career milestones such as promotions. CISA training also opens up prospects of a better salary and better terms and conditions on the job.

6. Training

A training period is critical so that the candidate learns the practical aspects as well as the theoretical ones. It involves learning to audit in compliance with globally set standards while maintaining the organization’s values and system information. The training improves the individual’s control and reporting techniques and also helps them gather and preserve evidence.

Overview of the CISA Certification!

Before taking the exam, the candidate should familiarise themselves with the details of the examination, such as the syllabus, scope and cost, which is why we have gathered all the relevant information about the examination here to make the decision process easier.

Costs of this Certification

There are various costs associated with the CISA examination, and it is important to be aware of them to avoid confusion. Discounts such as the early-bird discount for early registration are available. Listed below is the breakdown of the costs associated with the CISA examination:

1. ISACA membership

As ISACA conducts the CISA examination, there is a membership option available which consists of the international dues, local chapter dues, and new member fees. Becoming a member gives the privilege of discounted rates for registration and application. The costs associated with the membership are:

  • International dues: $135
  • Local chapter dues: range from $0 to $140
  • New membership fee: $10 if online; $30 if faxed

It isn’t compulsory to be an ISACA member to take the examination. The member discount on the exam fee is around $185, which is enough to offset the cost of membership.

2. CISA certification examination cost

You can register online for CISA, and the costs are given below. There is an additional cost of $75 for mailing or faxing your registration:

| CISA Exam Fee | Member | Non-Member |
| --- | --- | --- |
| Early-bird registration | $525 | $710 |
| Standard registration | $575 | $760 |

3. Additional CISA exam cost

If for any reason the candidate needs to defer the exam, a processing fee of $50 to $100 applies, depending on when the request is submitted. There is also no discount for retakers.

  • Application fee: A one-time fee of $50 applies, followed by an annual maintenance fee.
  • Annual maintenance fee: Once all the requirements are fulfilled and the certificate is obtained, the annual maintenance fee is $40 for members and $65 for non-members.
  • Other costs: The CISA exam fee paid at registration does not include any study materials. Study materials cost between $40 and $300 depending on the type of material.
  • Total cost: An early-bird discount is available for early registration. For a better understanding, we have created a table of all the costs for members and non-members, with and without the early-bird discount, so that the candidate can make a well-informed decision.

| Cost item | Member (early-bird) | Non-member (early-bird) | Member (standard) | Non-member (standard) |
| --- | --- | --- | --- | --- |
| Membership fee (median)* | $175 | – | $175 | – |
| Exam registration | $525 | $710 | $575 | $760 |
| Mail-in application charge | $75 | $75 | $75 | $75 |
| Deferral charge | $200 | $200 | $200 | $200 |
| Certificate application fee | $50 | $50 | $50 | $50 |
| Certificate maintenance fee | $45 | $85 | $45 | $85 |
| Review materials | $450 | $450 | $450 | $450 |

Exam syllabus

Before taking the exam, the candidate should be well acquainted with the syllabus for better preparation. It is important to note the weight of each domain for better planning. Many exam guides are available for reference that contain the entire syllabus and sample questions.

ISACA CISA Exam Syllabus Topics:

| Domain | Topic | Weight |
| --- | --- | --- |
| Domain 1 | The Process of Auditing Information Systems | 21% |
| Domain 2 | Governance and Management of IT | 16% |
| Domain 3 | Information Systems Acquisition, Development, and Implementation | 18% |
| Domain 4 | Information Systems Operations, Maintenance and Service Management | 20% |
| Domain 5 | Protection of Information Assets | 25% |

1. The process of auditing information systems

This domain discusses the functions of IT auditors and how they can assist the organization in protecting and monitoring its control systems. Tasks here include developing implementation strategies for risk planning, conducting audits and reporting. The candidate must have knowledge of IT audit and assurance standards, techniques and tools, and other applicable standards.

2. Governance and management of IT

This domain covers how IT auditors provide assurance that an effective organizational structure is in place. It includes the effectiveness of policies and standards, management, objectives, and other strategies.

3. IS acquisition, development, and implementation

This domain covers the practices of acquisition, development, maintenance, project management, review, etc.

4. IS operations, maintenance, and support

This domain covers providing assurance that the processes for information systems operations align with the organization’s objectives, and involves periodic evaluation of information systems, end-user procedures and information systems processes.

5. Protection of Information Assets

This is the last domain, and it covers how auditors ensure that the organization’s policies and objectives uphold the confidentiality, integrity, and availability of information assets. The tasks include evaluation of policies, data classification processes, environmental controls, logical security controls, etc.

All the domains are critical for the exam, but domain 4 and domain 5 represent more than half of the syllabus, which is why it is important to be well-versed in these domains while also scoring decently on the others.

Prerequisites to Apply for the Certification

1. Experience

Successful candidates can apply for certification within five years after passing the exam. The other requirement is that certification will only be awarded to the candidates who fit in the experience criteria.

To obtain CISA certification, a minimum of five years of professional work experience in information systems auditing, control or security is required. Substitutions are available for up to three of the five required years. ISACA has published a list of the qualifying substitutes, which are:

  • A maximum of one year of information systems experience, or one year of experience in a non-IS auditing field, can be substituted for one year of experience.
  • 60 to 120 completed university credit hours (the equivalent of a 2-year or 4-year degree), which are not limited by the 10-year restriction, can be substituted for 1 or 2 years of experience respectively.
  • A bachelor’s or master’s degree from a recognized university that follows the ISACA-sponsored curricula can be substituted for one year of experience.
  • A master’s degree in information security or information technology from a recognized university can be substituted for one year of experience.
  • Two years as a full-time instructor at a university in a related field can be substituted for one year of experience.

2. Professional conduct

Candidates and CISA certification holders are required to abide by the Code of Professional Ethics, and failure to do so can lead to an investigation and disciplinary action.

3. Continuing professional education

CISAs should maintain their skill and proficiency level by keeping up with developments related to the professional designation. They are expected to complete at least 120 hours of CPE every three years, with a minimum of 20 hours per year.

Average Annual Salary for CISA Certified IT Auditors

As CISA is globally renowned, CISA-certified professionals earn a handsome salary depending on their job profile and organization. Other relevant aspects, including experience, also come into play in deciding the salary of IT auditors. Given below is the average salary by job title:

| Salary By Job Title (CISA Jobs) | National Salary Data |
| --- | --- |
| Senior Information Technology (IT) Auditor | $85,727 |
| Information Technology (IT) Auditor | $66,203 |
| Internal Audit Director | $136,082 |
| Information Security Manager | $113,630 |
| Internal Auditing Manager | $105,422 |
| Information Security Analyst | $76,583 |
| Chief Information Security Officer | $166,017 |

The most popular job titles associated with CISA certification are IT auditor, information technology manager and internal auditing manager. Managerial positions in internal auditing pay at the higher end of the salary spectrum, and internal audit director is the highest-paying position with a CISA certification. Salaries for job titles at the lower end of the spectrum can also be raised with hard work and efficiency.

Steps to Acquire a CISA Certification

Now that we have seen the overview of the CISA course and its prerequisites, we can move on to the application process and the steps required to acquire a CISA certification. The steps are:

1. Register for the CISA exam

The first step towards CISA certification is to register for the exam. There are no eligibility criteria for taking the exam, and everyone is free to do so. The candidate can go to the official ISACA website and fill in the registration form. Fill in the form carefully, as making modifications later is tedious and challenging. Check the exam dates and venues beforehand.

2. Completing the CISA exam

The exam is available three times each year in pencil-and-paper format. It lasts 4 hours and has 200 multiple-choice questions. The passing rate is around 50%, after which successful candidates can fulfill the experience requirements and apply for the certificate.

3. Successful completion of the CISA examination

The next step to becoming CISA certified is to pass the CISA examination. As the examination is open to all individuals, anyone who has an interest in information systems audit, control and security can apply. Candidates who pass the examination are sent all the details required for the certification application along with the notification of a passing score. Many resources are available for exam preparation, and many chapters also host CISA exam review courses. The candidate can contact the local chapter to join these review courses.

4. Fulfill the experience requirements

Once all the prerequisites are fulfilled, the final step is to complete and submit a CISA application. The primary step here is to fulfill the experience required to be eligible for the certification. This is the strictest part of the CISA certification process, where at least five years of experience in information systems auditing, control and security is necessary.

There are substitutes for experience allowed by ISACA. These terms have to be read very carefully by the candidate to be eligible for the certificate. An application for certification can then be submitted.

5. Compliance with the code of ethics

Members of ISACA and holders of the CISA designation are required to agree to the Code of Professional Conduct. Failure to do so attracts investigation and disciplinary action.

6. Maintain the certification

To maintain the active status of the certification, a maintenance fee has to be paid and all the CPE requirements have to be fulfilled: at least 20 contact hours per year and 120 contact hours within each fixed three-year period. Refer to the CPE policy on the ISACA website for further details.

Preparing for the exam may seem like a tedious task, but with due planning and preparation it will be manageable and fruitful. CISA is a well-respected and globally recognized standard for IT professionals. A CISA certificate adds immense value to a professional’s profile and skills, and you can reap the benefits of the certification in no time.

It is very important to be aware of all the details associated with the examination to avoid any confusion. Refer to the details above for information on the exam, and you can obtain CISA certification with ease.