CISA (Certified Information Systems Auditor) is a certification issued by the professional association ISACA.
The purpose of this post is to explain the procedure for a candidate to get CISA certification, and related requirements.
It is important to know two things about CISA Certification:
- CISA Certification is not obtained just by passing an exam; other requirements, such as proving a minimum of related work experience, also apply
- CISA Certification has a limited validity; nevertheless, there are ways to extend it
This post takes into account the conditions that applied in April 2020, and is not expected to be updated; in any case, it will still serve as a guide if conditions are similar. Please check the official website for updates.
Frequently Asked Questions
What are the requirements to get CISA certification?
CISA, unlike other certifications, is not obtained just by passing an exam; you also need to meet some other requirements. You may get a passing score on the CISA exam and still not hold the CISA certification.
Candidates need to meet these requirements to get CISA certification:
- Get a passing score on the CISA exam (in the 5 years before submitting the application)
- Submit the required work experience
- Pay CISA Application Processing fees
- Comply with Terms & Conditions (including Code of Professional Ethics, Continuing Professional Education policy, IS auditing standards)
Some of them are explained in deeper detail below.
How do I prepare for the CISA exam?
Check this post about how to prepare for the CISA exam.
What is the work experience required to get CISA certification?
The applicant needs to demonstrate at least 5 years of experience, within the 10 years preceding the application, in any of the following areas:
- Information systems (IS) Auditing
- IS Control
- IS Assurance
- IS Security
More specifically, work experience must cover at least one of the 5 CISA Job Practices. Each of them corresponds to a chapter of the CISA Review Manual.
Two years of experience in the following role can be counted as 1 year of CISA experience:
- Full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing)
The required experience can be reduced to a maximum of 2 years by using substitutions/waivers. The substitutions/waivers available are:
- A maximum of 1-year of IS experience OR 1-year of non-IS auditing experience can be substituted for 1-year of experience.
- University or college education can be substituted for 1, 2 or 3-years of experience.
- A master’s degree in information security or information technology from an accredited university can be substituted for 1-year of experience.
Check the instructions in this link.
How do I demonstrate the required experience?
Documentation to submit:
- CISA Application form including experience or substitution/waiver details, filled in and signed by the candidate.
- One CISA Experience Verification form for each experience, filled in and signed by a verifier (i.e., supervisor, manager, colleague or client).
- Copy of degree or letter from university/college, or CIMA or ACCA certificate, if any of them applies.
Application templates are available to download from the “Get CISA certified” page of ISACA’s website. You can fill them in electronically using a PDF viewer such as Adobe Reader.
Data you need to enter:
- Applicant Details. Basic identification data (name, ISACA ID, contact details)
- Step 1. Pass Exam. Year when the exam was passed.
- Step 2. Report Work Experience.
  - Section A. CISA Job Practice Work Experience. Enter up to 4 experiences, each including employer and date range. For each experience you must state which CISA Job Practice it corresponds to; it must be linked to at least one.
  - Section B. General Work Experience Waivers. Experience in general IS or audit work.
  - Section C. Education Experience Waivers. Studies that can be used as waivers.
  - Section D. Experience total. Sum of total years of experience.
Some of the documents need to be signed, so you may consider printing them in order to sign them.
If you have any printed document, you need to scan it, as the application is submitted online. Use common file formats (jpg, png, pdf).
How much does it cost to get CISA certification?
The quick answer is: approximately US$1,000. And this is assuming that you pass the exam the first time and that the preparation material does not become outdated.
Preparation material and exam prices are lower if you are an ISACA member.
Total costs when you are an ISACA member:
- Professional Membership fee (annual): US$135.00
- CISA Review Manual: US$109.00
- CISA Review Questions, Answers & Explanations Manual: US$129.00
- Exam fee: US$575.00
- Application Processing Fee: US$50.00
- TOTAL: US$998.00
Total costs when you are not an ISACA member:
- CISA Review Manual: US$139.00
- CISA Review Questions, Answers & Explanations Manual: US$159.00
- Exam fee: US$760.00
- Application Processing Fee: US$50.00
- TOTAL: US$1,108.00
In conclusion, if you complete the exam within the first year, it is worth becoming an ISACA member from a purely economic point of view. In any case, there are additional benefits of being an ISACA member.
Take into account that maintaining the certification implies further costs. This ISACA post details many of the related costs.
How do I pay the CISA Application Processing fees?
The CISA Application Processing Fee can be bought as an item that is added to the basket at this link.
Consider getting a receipt so you can attach it to the application as proof of payment.
How do I apply for CISA certification?
(No longer valid since at least 2021-08) Use the form in this link with these parameters:
- Topic: Certifications & Certificate Programs
- Category: Submit an application
- Certification Type: CISA
Use the form in this link with these parameters:
- Type: Certification
- Case reason: Process, status of application
- Subject: CISA Application
- Description: I would like to submit my CISA application
You can attach multiple files. The attached files must contain, at least:
- CISA Application form
- One CISA Experience Verification form for each experience
- Copy of degree or letter from university/college, or CIMA or ACCA certificate, if any of them applies.
- Receipt of payment of CISA Application Processing Fees
How long does it take to get certification after application?
After receiving the application, a notification is sent via email after 2-3 weeks.
The subsequent certification packet (including CISA certificate) is sent via postal mail after 4-8 weeks.
What happens if I fail the exam?
You can retake it after waiting some days. You can take the exam up to 4 times per year. Read this post about retakes.
I have not read anything about reduced exam fees for retaking the exam, so exam fees will probably cost the same.
What is the validity of CISA Certification?
The Continuing Professional Education (CPE) policy determines that certain CPE hours must be completed and reported on a periodic basis to keep CISA Certification.
CISA Certification is revoked if:
- CPEs are not completed or reported annually
- Standards or codes are not followed.
- Membership fee is not paid
Requirements regarding CPE hours:
- Earn and report an annual minimum of twenty (20) CPE hours. These hours must be appropriate to the currency or advancement of the CISA’s knowledge or ability to perform CISA-related tasks. The use of these hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
- Earn and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting cycle period.
How do I maintain CISA Certification? How much does it cost?
Getting a certification and maintaining it are completely different topics.
Please check this post about how to maintain CISA Certification.
External References
- “Get CISA Certified” at isaca.org
- “CISA Certification” at isaca.org