Exam Profile: Certified Information Systems Auditor (CISA)
The CISA certification was established in 1978 by the Information Systems Audit and Control Association (ISACA), an association of IS professionals worldwide. Today, there are now over 70,000 candidates worldwide who have successfully passed this rigorous exam. As of 2011, the exam is available in 1two languages.
The CISA is a highly regarded and model certification. Recognition of the CISA is fairly consistent through all regions worldwide, unlike certifications such as CompTIA’s Security+ or those from the SANS Institute, which are US-heavy. In the United States, the CISA is distinguished by the US Department of Defense as one of their few formally-recognized certifications. This respect comes at a priceit’s a certification with a very challenging exam and requires verified work experience.
The exam is open to anyone interested in systems auditing, controls and information security. Obtaining the CISA certification requires passing the exam, plus work experience. It is offered twice a year, administered worldwide on the same day. For the 2011 exams, you may select among 101 countries. In the US alone, it’s available in 77 cities across 22 states.
Additional information about the exam and the certification is in the “CISA Bulletin of Information,” available on the ISACA website.
- Number of questions: 200
- Types of questions: multiple choice
- Passing scores: 450 on a scale from 200 (lowest possible) to 800 (perfect)
- Time limit: four hours (works to just over a 1 minute per question)
- How to Register: You may register for the CISA exam, next available on June 11, 2011, by visiting the ISACA website
Before registering for the exam, you will create an ISACA account (name and e-mail). Then to register, you provide more demographic information, choose a test site, and pay the registration fee. The fee amount depends whether you are an ISACA member or not, available to you during registration.
Earning the CISA Certification
Passing the exam is one of two requirements for gaining the CISA designation. The second is meeting the required amount of work experience. The most straightforward way to complete the requirement is to have five years of systems auditing experience, but several variants of exceptions and substitutions exist, such as having an advanced degree in IT.
Note that many candidates choose to pass the exam before having the work experience. In fact, ISACA encourages candidates to study for and try the exam at any time, but ensures the certification will be awarded only after a candidate can meet the experience requirement. A candidate has five years after their exam to meet this requirement and apply for the certification.
There are other agreements for a candidate regarding ethics and continued education to obtain the CISA. But this article is about the exam, so consult the ISACA website for more details on gaining the certification.