Certified Information Systems Auditor Exam

About the CISA Exam



The Information Systems Audit and Control Association (ISACA) is responsible for the overall development and administration of the Certified Information Systems Auditor (CISA) Examination. The ISACA CISA Certification Board is responsible for the testing and grading of the CISA Examination.

The purpose of the examination is to evaluate the candidate’s technical competence in the performance of information systems audits. The CISA designation is increasingly used by employers as a key criterion when hiring personnel.

If you are eligible, you need to enroll for the examination. Do this early since ISACA offers discounts for early registration. An application form is available at the ISACA website.

Examination guidelines and content descriptions (e.g., the topic coverage, including the weighting by domain) are outlined in the ISACA publication entitled Candidate’s Guide to the CISA Examination and Certification. A copy of this publication can be purchased from ISACA. It can also be downloaded from the ISACA website (http://www.isaca.org). No attempt has been made to repeat this information here. EVERY candidate should read this publication.

ISACA publishes CISA Certification Job Practice Domains (Content Areas), Task Statements, and Knowledge Statements. The statements provide a category listing by examination section and can be found on the ISACA website. A percentage weight is published for each major category.

Examination Dates & Schedule

The CISA Examination is administered on the first Saturday in June, September and December.

Examination Questions

The six content areas of the examination are divided into the following subject areas and topics to be tested:

  • Domain 1—The Process of Auditing Information Systems (14%)
  • Domain 2—Governance and Management of IT (14%)
  • Domain 3—Information Systems Acquisition, Development and Implementation (19%)
  • Domain 4—Information Systems Operations, Maintenance and Support (23%)
  • Domain 5—Protection of Information Assets (30%)

The examination will consist of one exam with 200 multiple-choice questions derived from the sections listed above. The ExamMatrix CISA Review is based on this subject outline and the associated weights. Additionally, the outlines determine the level of familiarity required of the candidate.

The examination contains objective-style questions. The questions typically give the candidate four answer choices. The candidate is to select the best choice from those presented.

The Passing Score

Passing requires demonstrating competence in all six areas during the four-hour, 200 multiple-choice question exam. A minimum score of 450 demonstrates a consistent standard of knowledge.

Objective questions are mechanically graded and must be answered correctly to receive credit. Accordingly, there are no penalties for incorrect answers—scores are based upon the number of questions answered correctly.
