How to become CISA certified – Certification requirements [Updated 2019]

July 11, 2019 by Hannah George

CISA certification is designed for professionals who want to showcase their knowledge and experience in information system (IS) control, assurance and security. This certification by ISACA is globally recognized and is considered to be the gold standard. Having a certification like CISA gives you all the credibility you need to move forward in your career as an IS professional. CISA not only enhances your professional credibility, but also eases your hiring process and boosts your future earning potential.

The CISA exam consists of 150 multiple-choice questions, and you are given four hours to complete it. ISACA uses a 200-to-800-point grading scale, and you must score 450 or above to pass the exam. The passing score represents the minimum number of questions a candidate must answer correctly to demonstrate that they can apply their knowledge in practice on the job. Once the candidate passes the exam, they can apply for the certification.

Three steps to CISA certification

1. Meet the experience requirement: After passing the exam, the final step is to submit the application for the certification. The candidate needs to have a minimum of five years of professional experience in IS auditing, control or security. Fortunately, waivers to experience are available. A candidate with three years of experience can obtain the certification on the following basis:

  • A maximum of one year of experience in IS, or one year of experience in non-IS auditing, can be substituted for one year of experience.
  • 60 to 120 university semester credit hours (which don’t have the ten-year preceding restriction) can be substituted for one or two years of experience.
  • A bachelor’s or master’s degree from a university that uses the ISACA curriculum can be substituted for one year of experience.
  • A master’s degree in IS or IT from a recognized university can also be substituted for one year of experience.
  • Two years of experience as a full-time university instructor in computer science, IS auditing or accounting can be substituted for one year of experience.
  • Three years of IS auditing, control or security experience, or two years of IS audit, control or security experience and one complete year of non-IS audit or IS experience, or two years of experience as a full-time university instructor.

Some candidates take the CISA exam even though they don’t meet the experience requirements. This practice is acceptable but you will not be awarded the CISA designation until you meet all the requirements. Note that work experience for the certification must be gained within 10 years of applying for the certification or five years from the date of passing the CISA exam.

2. Maintain the certification: Once you meet the experience criteria, you can apply for the certification. Obtaining the certification is not your last step; you must also maintain it to keep benefiting from your new designation. Here are the maintenance requirements:

  • Adherence to the code of professional ethics: CISA holders need to agree to the code of professional ethics for guiding their personal and professional conduct.
  • Adherence to the CPE program: CISA holders must adhere to the Continuing Professional Education Program. Here are its objectives:
    • Maintain individual competency by updating knowledge and skills in the area of IS auditing, control or security.
    • Provide a means for differentiating between qualified CISAs and those who haven’t met the requirements for the certification’s continuation.
    • Provide a mechanism to monitor IS audit, control and security, and maintain the competency of the professional.
    • Help top-level management develop sound IS audit, control and security functions by providing criteria for the selection and development of personnel.
    • In addition, a minimum of 20 contact hours of CPE and a maintenance fee are required on an annual basis.

3. Compliance with IS auditing standards: All individuals who hold the CISA designation must agree to adhere to the IS auditing standards developed by ISACA.

Once you successfully become CISA designated, your value to employers increases. Your certification will demonstrate you have gained and maintained the knowledge required for meeting the dynamic challenges of IS auditing, control and security of a modern enterprise. You will have a competitive edge over your peers, and since this certification is globally recognized, your global market worth will increase, too.
