CISA Exam Overview
What to Expect
The Certified Information Systems Auditor exam costs $575 for ISACA members and $760 for non-members. ISACA membership costs $135/year and provides access to study resources alongside the exam discount. You'll face 150 questions in 240 minutes, giving you roughly 1 minute and 36 seconds per question. Scores are scaled from 200 to 800, with a passing score of 450.
Prerequisites and Audience
The prerequisite is five years of professional experience in IS audit, control, assurance, or security. Waivers of up to three years are available for relevant education or certifications. The audience is IT auditors, audit managers, compliance professionals, and security consultants who evaluate information systems. CISA is the standard credential for the IS audit profession.
Staying Certified
Certification runs on a three-year cycle requiring 120 CPE hours (minimum 20 per year) and an annual maintenance fee ($45 for members, $85 for non-members).
CISA What the Exam Tests
The exam covers five domains: Information Systems Auditing Process (21%), Governance and Management of IT (17%), Information Systems Acquisition, Development and Implementation (12%), Information Systems Operations and Business Resilience (23%), and Protection of Information Assets (27%). The exam uses Computerized Adaptive Testing.
Information Systems Operations and Business Resilience
Information Systems Operations and Business Resilience carries 26% of the exam weight, making it the single most impactful domain. Allocate your study time accordingly and make sure you can answer questions on this topic confidently before sitting the exam.
Protection of Information Assets
Protection of Information Assets carries 26% of the exam weight, making it the single most impactful domain. Allocate your study time accordingly and make sure you can answer questions on this topic confidently before sitting the exam.
Governance and Management of IT
Governance and Management of IT at 18% is a substantial portion of the exam. You can't afford to be weak here. Focus on understanding the core concepts and common scenario patterns.
Information Systems Auditing Process
Information Systems Auditing Process at 18% is a substantial portion of the exam. You can't afford to be weak here. Focus on understanding the core concepts and common scenario patterns.
Question Format
The exam is multiple-choice: 150 questions in 240 minutes. Questions present audit scenarios and ask you to identify the best course of action as an IS auditor.
CISA How to Prepare
Study Timeline
Plan on three to four months if you are an IT professional with audit experience. If you're new to auditing, add time to understand audit methodology, evidence gathering, and reporting practices.
Top Resources
The top resources are the CISA Review Manual, the ISACA QAE database, and ISACA review courses. Understanding IT general controls (ITGCs) and common audit frameworks (COBIT, NIST) is essential.
Common Mistakes
A common mistake is answering as a security professional rather than an auditor. The auditor's role is to assess, evaluate, and recommend, not to implement solutions. When in doubt, choose the answer that involves reviewing evidence, assessing controls, or reporting findings.
Hands-On Advice
Study real IT audit reports to understand findings format and severity classifications. Practice mapping controls to risks. Review the COBIT framework and understand how IT governance connects to business objectives.
CISA Why Practice Tests Matter
Practice tests are the single most effective study tool for the CISA exam. They reveal your weak domains before the real exam does, and getting questions wrong in practice is how you learn. Each practice test here mirrors the real exam format: 150 questions, timed at 240 minutes, with the same 5-domain distribution.
Don't just take practice tests and check your score. Review every wrong answer and understand why the correct option is better. For the CISA, pay special attention to Information Systems Operations and Business Resilience (26%) and Protection of Information Assets (26%) questions since they carry the most weight.