ISACA’s Certified Information Systems Auditor (CISA) certification is a gold standard that marks an individual’s expertise in auditing and managing information systems, protection of information assets, information systems acquisition, and operation. The certification program is ANSI accredited, and more than 151,000 people currently hold this certification. It is a massive boost to your career and income. Naturally, there is a huge demand for it.

The basic eligibility requirements are work experience in the required field, a fee of $575 (for ISACA members) or $760 (for non-members), and a non-refundable application processing fee of $50. So, the certification process is much simpler and faster.


  • Completing the CISA Examination: All eligible candidates with interest in information systems auditing, control, and security can take the examination. Successful candidates are provided all the required information to apply for the certification along with their passing scores.


  • Adhering to the Code of Professional Ethics: ISACA members and/or CISA certification holders have to adhere to a Code of Professional Ethics to maintain professional and personal standards.

These ethics include:

  1. Supporting and complying with appropriate standards of maintenance and governance of information systems and technology.
  2. Objectively performing duties with due diligence and professionalism.
  3. Serving in the interests of stakeholders with appropriate conduct and character.
  4. Maintaining privacy and confidentiality of information in the course of activities unless there is a legal intervention.
  5. Maintaining competency and taking tasks that can be reasonably completed under their skillset and knowledge.
  6. Informing involved parties about the results and significant facts that may distort the results.
  7. Supporting professional education of stakeholders to help them better understand the governance and maintenance of enterprise information systems and technology.

Failing to comply with this code would invite investigation and, if proven, may lead to disciplinary measures.

  • Adhering to Continuing Professional Education (CPE) Policy: Certified individuals have to regularly update their existing knowledge in the required field of information systems auditing, control, and security to maintain competency.

This helps in differentiating qualified CISA holders from people who have not met the qualifications for the continuation of their certification.


CISAs who are better informed about the CPE can provide valuable insights to the company, take leading positions, and better assess situations. The CISA certification committee takes care of requirements for the CPE, oversees the education process and their applicability.


  • CISA holders agree to comply with Information Systems Auditing Standards as adopted by ISACA. The ITAF is essential to gain guidance on research policies and procedures, audit programs and development reports. The content can be accessed by downloading the ITAF from the MyISACA account.



  • Demonstration of Minimum Work Experience:
  1. A 5-year minimum professional work experience in audit, control, and security of Information systems is a must for the certification. This work experience has to be gained within ten years preceding the date of applying for the certification. Eligible candidates have five years to apply.
  2. Substitutions and waivers to the 5-year minimum can be obtained. This waiver can be awarded up to a maximum of 3 years as follows:
     • You can substitute 1 year of experience with a maximum of 1 year of information systems experience or 1 year of non-information systems auditing experience.
     • A 2-year or 4-year university degree (about 60 to 120 credit hours of university), not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively.
     • 1 year of experience can also be substituted by a master’s degree in information systems or information technology from an accredited university.


However, these substitutions will not satisfy any portion of the 2-year minimum information systems auditing experience requirement.

The exception to this is that every two years as a full-time university instructor in a related field, such as computer science, accounting, information systems, or auditing, can be substituted for 1 year of experience.

It is worth noting that most candidates take the exam prior to meeting these qualifications, which is deemed acceptable by ISACA. However, the CISA designation is not awarded until all requirements are met.

Candidates must apply for the certification within five years of having passed the examination. The application payment must then be finalized, and about 3-4 weeks’ time is expected for the processing.

CISA-certified individuals are highly sought-after IT professionals in the industry. The certification offers credibility to your career and recognition among peers and stakeholders. It is an investment worth making and working towards.