CISA
ISACA CISA
The ISACA Certified Information Systems Auditor (CISA) is the gold standard credential for IS audit, control, assurance, and security professionals. It validates the ability to assess organizational IS controls, audit IS systems, evaluate IT governance, oversee system development, and protect information assets — skills required in financial services, government, and enterprise IT audit roles worldwide.
CISA Exam Overview
| Detail | Information |
|---|---|
| Full Name | ISACA CISA |
| Governing Body | ISACA |
| Number of Questions | 150 |
| Time Limit | 4 hours |
| Passing Score | 450/800 |
| Exam Fee | $575 (ISACA members) / $760 (non-members) |
| Category | IT Certifications |
| C3RT App Available On | iPhone, iPad, and Mac |
| Official Source | ISACA official website |
CISA Content Areas and Domains
| Domain / Content Area | Exam Weight |
|---|---|
| Information System Auditing Process | 21% |
| Governance and Management of IT | 17% |
| Information Systems Acquisition, Development and Implementation | 12% |
| Information Systems Operations and Business Resilience | 23% |
| Protection of Information Assets | 27% |
Domain weights are approximate and based on the ISACA content outline. Always verify at the official source before your exam.
Topics Covered
- Information System Auditing Process — audit planning, risk-based auditing, evidence, audit reporting
- Governance & Management of IT — IT governance frameworks (COBIT), IT strategy, resource management, performance monitoring
- Information Systems Acquisition, Development & Implementation — SDLC, project management, change management, testing
- Information Systems Operations & Business Resilience — IT service management, incident management, BCP, DRP
- Protection of Information Assets — logical and physical access controls, encryption, vulnerability management, data classification
How C3RT Helps You Pass the CISA
Adaptive Practice
Questions adapt to your weak areas automatically so every study session on the CISA is time well spent.
Diagnostic Mocks
Full-length mock exams timed to the real CISA format with detailed score breakdowns by topic.
Mistake Bank
Every wrong answer is saved for targeted re-drill. The system resurfaces your mistakes until they stick.
Native on iOS & Mac
Built with SwiftUI, not a web wrapper. Instant load, offline support, hardware-speed rendering.
CISA Frequently Asked Questions
What does CISA stand for?
CISA stands for Certified Information Systems Auditor. It is administered by ISACA.
Who administers the CISA?
The ISACA CISA is administered by ISACA. For official information, visit the ISACA website.
How many questions is the CISA?
The CISA consists of 150 questions. Candidates are given 4 hours to complete the exam.
What is the passing score for the CISA?
The passing score for the CISA is 450/800, as set by ISACA. Scoring methodology and passing standards may be updated periodically. Always verify current requirements with the governing body.
How much does the CISA exam cost?
The CISA exam fee is $575 (ISACA members) / $760 (non-members). This fee is set by ISACA and may vary by testing centre, region, or membership status. Additional fees for registration or rescheduling may apply.
Who is CISA designed for?
CISA is designed for IS auditors, IT audit managers, IT consultants, compliance officers, and security professionals who perform IT audits or assess IT controls. Common employers are Big Four accounting firms, internal audit departments of large enterprises, financial regulators, and government agencies. CISA is required or preferred for many internal audit roles in regulated industries.
What are the CISA experience requirements?
CISA requires 5 years of professional IS audit, control, assurance, or security work experience. Substitutions are allowed: a 2 or 4-year degree can substitute for 1 or 2 years of experience respectively. Some university programs and related certifications also qualify. Experience must be verified by ISACA before the credential is awarded.
What is COBIT and why does CISA test it?
COBIT (Control Objectives for Information and Related Technologies) is the leading IT governance framework developed by ISACA. CISA tests COBIT because IS auditors use it to assess IT governance maturity — evaluating whether IT processes align with business goals, whether controls are adequate, and where gaps exist. Understanding COBIT governance domains (Evaluate, Direct, Monitor) is essential for CISA.
Is CISA harder than CISM?
CISA and CISM are comparable in difficulty — both use scenario-based questions testing judgment, not technical recall. CISA questions focus on audit methodology, control evaluation, and governance assessment. CISM questions focus on security program management decisions. Candidates with audit backgrounds typically find CISA easier; those with security management backgrounds typically find CISM easier.
How difficult is the ISACA CISA exam?
The ISACA CISA (Certified Information Systems Auditor) is considered moderately to significantly challenging. ISACA reports pass rates around 50–60% for first-time candidates. The exam tests professional judgment in IS audit, control, and assurance across five domains. Its scenario-based questions require applied professional experience rather than textbook memorization.
What are the eligibility requirements for ISACA CISA?
You must have five years of professional information systems auditing, control, or security work experience. Up to three years of experience can be substituted by approved degrees or certifications (e.g., a two-year degree substitutes for one year; a four-year degree substitutes for two years). You may sit for the exam before meeting the experience requirement, but CISA is not awarded until experience is verified.
How long should I study for ISACA CISA?
Most candidates invest 3–5 months of preparation using the official ISACA CISA Review Manual, the Questions, Answers & Explanations (QAE) database, and ISACA study courses. Working through hundreds of practice questions is critical since the exam heavily emphasizes professional judgment in audit scenarios.
What career value does ISACA CISA provide?
CISA is the global gold standard for IT audit and assurance professionals. IS auditors, IT risk managers, and compliance officers with CISA typically earn $90,000–$140,000+. It is widely required by Big Four audit firms, banks, and large enterprises for IT audit roles.
What is the ISACA CISA retake policy?
ISACA allows candidates to retake the CISA exam three times in a 12-month window with no mandatory waiting period between attempts. Fees apply for each retake registration.
How long is the ISACA CISA credential valid?
CISA requires annual renewal through continuing education and payment of the annual maintenance fee. There is no fixed three-year expiration — instead, it requires ongoing CPE to maintain active status.
What continuing education is required for ISACA CISA renewal?
Renewal requires 120 CPE hours over a three-year reporting period, with a minimum of 20 CPE hours per year. An annual maintenance fee must also be paid. ISACA-approved activities including training, conferences, self-study, and professional presentations all count toward CPE.
How does ISACA CISA compare to ISACA CISM and ISACA CRISC?
All three are prestigious ISACA credentials but cover different domains. CISA focuses on IS audit, assurance, and control — the credential for IT auditors. CISM focuses on information security management — the credential for security managers and CISOs. CRISC focuses on IT risk identification, assessment, and response — the credential for enterprise risk professionals. Many senior audit and security leaders hold multiple ISACA credentials. CISA is typically the most valuable for Big Four and internal audit careers specifically.
C3RT is a native iOS and macOS exam preparation platform covering the ISACA CISA, an IT certification administered by ISACA. C3RT is not affiliated with or endorsed by ISACA. Certification names and trademarks are the property of their respective organisations. For official exam registration, eligibility requirements, and content outlines, visit the ISACA official website.