Certified Information Systems Auditor

From Wikipedia, the free encyclopedia

Certified Information Systems Auditor (CISA) is a globally recognized certification in the field of audit, control and security of information systems. Having uniform certification criteria, CISA has gained worldwide acceptance, and the certification has a high degree of visibility and recognition in the fields of IT security, IT audit, IT risk management and governance. Vacancies in the areas of IT security management, IT audit or IT risk management often ask for a CISA certification.[1] The certification is extremely challenging and is associated with a high failure rate[citation needed]. CISA is awarded by the Information Systems Audit and Control Association (ISACA).[2]

Obtaining the certificate

The ISACA CISA certificate can be applied for once the following conditions are met[3] and the CISA exam has been passed.

Membership in ISACA

The CISA certification is not tied to membership in the worldwide umbrella organization ISACA or in its local (mostly national) organizations, called chapters.

Exams

The globally uniform CISA exams are conducted three times a year: in June, September and December.[4] The exam consists of 200 multiple-choice questions, each with one correct answer, which must be answered in four hours. The candidate can achieve a maximum of 800 points. The passing score is 450 points. Some questions are purely statistical. The evaluation criteria are announced to the public, but are based on the difficulty of the questions.

At least five years of professional experience in the auditing of IT systems must be demonstrated. Related work experience or relevant higher education programs can be credited according to a specified key. A CISA candidate is to ensure compliance with the ISACA Code of Ethics. After obtaining the CISA certification, 20 hours of training per year and at least 120 hours in a three-year period must be documented to retain the certification. A CISA candidate undertakes to comply with the auditing standards of ISACA when conducting audits.
