The Certified Information Systems Auditor (CISA) certification is offered by the Information Systems Audit and Control Association (ISACA). CISA certification is for people who are in charge of monitoring and protecting an organization’s IT and business systems. It is a globally recognized standard for assessing the knowledge and expertise of IT auditors, audit managers, consultants and security professionals.
CISA certification is awarded after a comprehensive testing and application process. The steps to obtain CISA certification are as follows:
1. Clear the CISA exam
The CISA exam can be taken by anyone interested in Information Systems auditing, control, assurance or security. The exam is 4 hours long and consists of 150 multiple-choice questions. The CISA exam consists of the following subjects:
- Information Systems Auditing Process
- Governance and Management of IT
- Information Systems Acquisition, Development, and Implementation
- Information Systems Operation and Business Resilience
- Protection of Information Assets
A score of 450 or higher is required to pass the exam. You can take the exam in English, Chinese (traditional or simplified), German, French, Japanese, Italian, Spanish, Korean, and Turkish.
2. Fulfill the work experience requirement
The applicant has to show a minimum of five years of experience in Information Systems auditing, control, assurance or security within ten years of applying for the certification or within five years of passing the exam. Work experience qualifies if the day-to-day activities include at least one CISA job practice domain. Waivers are available that count toward the required five years of work experience. You can obtain a maximum of three years of waivers.
- A one-year waiver can be obtained through one year of experience in general information systems or general audit work. The experience should be a minimum of 1 year to qualify. The experience should not have been earned during the time claimed for information systems audit and control experience.
- A maximum of three years of waivers can be claimed as an education waiver, including the general systems and audit work experience. You can claim waivers for the following courses:
  - 1-year waiver for an associate degree.
  - 2-year waiver for a bachelor’s, master’s or doctorate in any field of study.
  - 3-year waiver for a master’s degree in Information Systems or a related field.
  - 2-year waiver for CIMA – Chartered Institute of Management Accountants, full certification.
  - 2-year waiver for ACCA member status from the Association of Chartered Certified Accountants.
3. Submit CISA Certification Application form
Once the exam is cleared and the work experience requirements have been met, the next step is filling out and submitting the CISA application form. The CISA application form has to be submitted within five years of passing the exam. You can find the online CISA certification application form on ISACA’s website.
4. Comply with maintenance requirements for CISA certification
After receiving the CISA certification, the candidate must uphold ISACA’s professional ethics code, meet the Continuing Professional Education (CPE) requirements, and follow the Information Systems Audit Standards.
ISACA’s Code of Professional Ethics
CISA certification holders have to agree to follow ISACA’s code of professional ethics to guide their professional conduct. Failure to properly follow the code may lead to an investigation into the matter and even disciplinary action, if necessary. The objective of the code is to ensure that the professional conduct of the certification holders meets certain ethical standards.
CPE Hours Requirement
- CISA certification holders are required to earn and report 20 CPE hours annually. The CPE hours must help the holder preserve or advance their knowledge or abilities to carry out CISA-related tasks. The holders can also use the CPE hours to fulfil the CPE requirement of other ISACA certifications if they help advance knowledge of those certifications.
- Certification holders are required to pay an annual CPE maintenance fee.
- Earn and report 120 CPE hours every three years.
Information Systems Audit Standards
The final item one must address to maintain CISA certification is the Information Systems Audit standards. Holders must agree to follow the Information Systems Audit standards.