CISA (Certified Information Systems Auditor) is a certification issued by the professional association ISACA.
The purpose of this post is to provide information to future exam candidates about how to pass the exam, based on my own experience.
I passed it on the first attempt in May 2020.
Frequently Asked Questions about the exam
How long do I need to prepare for the exam?
The answer differs from person to person: how many hours you are going to spend on this per week, how much you already know about the subject, etc.
As a general answer, I once heard that you need 3 to 6 months.
In my case, having a full-time job but dedicating most of the free time I had (including weekends), it took me 30 days just to read the CISA Review Manual and another 15 to complete all the tests. Then 15 more days to review some parts of the Review Manual and repeat tests. I passed it at the first attempt.
What is the recommended material for exam preparation?
The official resources to prepare for the exam are:
- CISA Review Manual (printed or eBook)
- CISA Review Questions, Answers & Explanations Manual (printed or eBook)
- Temporary subscription to CISA Database (online)
- Official courses
They are all available to buy, subscribe to or enroll in on the ISACA website.
You may not need to use all the resources to pass the exam. In my case, I just used the first two: CISA Review Manual and CISA Review QA&E Manual.
Ensure you get the latest version of the material, as a new edition is published every 5 years at most.
There may be unofficial material and courses as well. I do not have experience with unofficial CISA resources.
Can I prepare for the exam with not-the-latest material?
It may happen that you have acquired preparation material, but then you discover that there are newer editions available for the Review and Review QA&E Manuals.
If this is your case, you may wonder whether you can pass the exam with not-the-latest material:
- If you ask the ISACA Community, they will reply that you cannot and that you need to buy the latest material.
- In other forums, some opinions say it will still be valid if it is not too old (previous edition or so).
In my case, I passed the exam using Review 26th and Question 11th Edition when editions 27th and 12th (respectively) were already published. It worked for me in my circumstances, but I cannot assure this decision is correct for every edition upgrade or exam candidate. Personally, I would recommend working with the latest editions if possible.
How can I prepare for the exam?
The exam preparation technique must be adapted to the exam candidate's previous knowledge and abilities. I am going to explain what worked for me, but you may adapt these steps to yourself.
- Read “Review Manual”
  - The text is sometimes quite dense. In order to make the reading process more comfortable, I highlighted titles, key concepts, topics and bullet point titles.
  - I tried to keep the reading agile and not to get stuck on any specific page. If I felt that a section required a review from my side, I noted it down to review it later.
  - It took me 1 month just to read and highlight the manual.
- Complete all questions in “Review QA&E Manual”
  - Try to guess the result before checking the solutions, as it is easier to remember an answer if there is an emotion involved (satisfaction of having chosen the correct answer, frustration of having answered incorrectly).
  - If you have the paper version, you may use a paper sheet to cover the solutions while you are still reading the answers.
  - I found it very useful to make a mark next to a question each time I failed it or when I found it was a tricky one that was worth reviewing. This helps you to focus on them when reviewing questions.
  - Whenever I needed to look up “Review Manual” to check an answer, I found it useful to write down the page where it was explained next to the question in “QA&E Manual”.
  - It took me 15 days to read, answer and check all questions.
- Review topics from “Review Manual”
  - At this point, I knew which points were less clear to me, so I could revisit these topics.
  - Some exam candidates recommend reading the whole “Review Manual” at this step. Do it if you feel you need it or if you have plenty of time. I did not do it as I had time constraints.
  - This step and the next two took me 15 days.
- Simulate full exam
  - There is a full exam sample at the end of the “Review QA&E” manual. If you use the online database, you will probably have an exam simulation option.
  - Try to simulate the exam under real conditions: switch off your mobile phone, do not interrupt the exam until you have finished it, do not stand up during the exam time, do not go to the toilet, do not eat and do not drink. This way, you will get a better idea of how to be well prepared for the real exam.
  - Check the results. Calculate the percentage of fails per job domain to assess which chapter you need to reinforce.
  - Review the incorrect answers.
- Review failed questions
  - Review failed questions in “QA&E”.
  - If you do not have time constraints, you may want to review all questions.
Once you feel you are ready to take the exam, you can register for it.
How do I register for the CISA exam?
You can register for the CISA exam on the ISACA website.
You need to find an available slot for the exam. So try to book it in advance.
There are occasional offers and reductions; look for them on ISACA’s website and social networks.
What is the exam like?
The exam is described on the ISACA website and in the last pages of the Review Manual.
I recommend not studying the day before and the day of the exam. It is better to take this test with a clear mind and well rested, as it is a very long test (4 hours!) and quite exhausting.
In my case, I completed it in remote / proctored mode in May 2020. Some comments here may not apply anymore.
Be sure you are at the exam location and connected at least 30 minutes before; consider this advice for both on-site and remote exams.
The exam is taken on a computer, using a product from a provider called PSI.
For remote mode only: if you have any issue during the exam that cannot be solved through the proctor live chat, you may contact either ISACA or PSI by e-mail or phone.
4 hours is a very long time. Be sure you are well fed, hydrated (food and drinks are not allowed) and relieved (you cannot go to the toilet either) before the exam starts. Switch off your mobile phone to avoid distractions.
Do not make any plans right after the exam. In case there is a delay, you will need more time.
In my case, my exam started one hour and a half later than expected. I hope it was just because it was the first month where proctored exams were organized.
When will I know exam results?
Provisional results are published on the last screen before closing the exam. The provisional results are just “passed” or “not passed”.
In case you have missed the result, you can ask for it via ISACA’s Live Chat Support (click on the link, then scroll down until you see the “Live Chat” link).
Definitive exam results are sent to your e-mail after a maximum of 10 days. The definitive results give you the total score and the percentage of correct answers per Job Domain.
What can I do if I fail the exam?
If this is your case, I would like to encourage you to keep trying hard to get it; you are just closer to the goal!
You can retake the exam if you fail it, but you may find some restrictions:
- Time between each exam. It depends on your number of attempts.
- Limitation on the number of exams taken per year.
I do not know whether retake exam fees are lower than for first attempts or the prices are exactly the same.
You might also be interested in…
- “CISA Exam” at isaca.org