The CISA qualification
Established in 1978, the Certified Information Systems Auditor (CISA) qualification awarded by ISACA® is the globally accepted standard of achievement among information systems (IS) audit, control, and security professionals.
IT Governance is the exclusive approved reseller of ISACA publications and offers the complete range of official ISACA study guides, which are designed to help you pass the CISA examination at the first attempt
What are the requirements for the CGEIT qualification?
The CISA certification is awarded to candidates with at least five years of relevant work experience who pass a rigorous written examination.
- Domain 1: Framework for the Governance of Enterprise IT (25% of exam)
“Ensure the definition, establishment, and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise.”
- Domain 2: Strategic Management (20% of exam)
“Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.”
- Domain 3: Benefits Realization (16% of exam)
“Ensure that IT-enabled investments are managed to deliver optimized business benefits and that benefit realization outcome and performance measures are established, evaluated and progress is reported to key stakeholders.”
- Domain 4: Risk Optimization (24% of exam)
“Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.”
- Domain 5: Resource Optimization (15% of exam)
“Ensure the optimization of IT resources including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives.”
For more information, please see the official ISACA 'How to Become CISA Certified' web page.
How do you pass the CISA exam at the first attempt?
We recommend the following:
- Check that you have the relevant five years of work experience to qualify
- Register and schedule your exam direct with ISACA
- Purchase the official ISACA study guides and third-party textbooks
- Plan a self-study program that covers all of the key knowledge domains
- Attend an exam preparation training course a few days before you sit the exam
How to register and schedule the CISA exam
The CISA exam is offered via a computer-based testing (CBT) sessions, which are available all year round. All candidates must first register online direct with ISACA and pay for the examination in advance. They will then receive email instructions on how to schedule an exam appointment at a local PSI exam centre.
For further information, please review the ISACA Exam Candidate Information Guides.
Maintaining your CGEIT
The CGEIT CPE (continuing professional education) policy aims to ensure that all CGEITs maintain an adequate level of knowledge and proficiency by attaining and reporting 20 CPE hours a year.
In addition, a minimum of 120 contact hours are required during a fixed three-year period. Failing to comply with these requirements will result in your CGEIT designation being revoked.
See the Maintain Your CGEIT page on the ISACA website for further details.
Continuing professional education
There is a continuing professional education (CPE) policy in respect of qualified CISA professionals. The goal of this policy is to ensure that all CISAs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.
CISAs who successfully comply with the “continuing professional education policy will be better trained to assess information systems and technology and provide leadership and value to their organizations.” The responsibility for setting the continuing professional education requirements rests with the CISA Certification Board, which oversees the process and requirements to ensure their applicability.
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours are required during a fixed three-year period.
See the Maintain Your CISA page on the ISACA website for further details.