CISA FAQs:Qualifications for the Exam

From The FAQ Project

Jump to: navigation, search


You have decided to go for the CISA® Certification !

First – how do I know whether I qualify for the certification

Yes, it's always good to know your strengths before taking the plunge ! Check if your education, experience and knowledge meets the requirements set by ISACA.
Education : None defined but degree holders are entitled to a waiver of upto two years from the minimum requirement 5 year work experience needed.
Experience : 5 years in IS audit, control, assurance, security within the past 10 years or within 5 years from passing the exam.
Knowledge : Take the demo exam and see how you score. In any case what you score in the demo should not be a decision factor since it is there to give you a feel of the exam style. Your experience and domain knowledge are what will get you through the exam and to being certified.
Quoted from Requirements for CISA® Certification - ISACA.
A minimum of five years of professional information systems auditing, control or security work experience (as described in the job practice areas) is required for certification. Substitutions and waivers of such experience may be obtained as follows:
- A maximum of one year of information systems experience OR one year of financial or operational auditing experience can be substituted for one year of information systems auditing, control or security experience. 60 to 120 completed college semester credit hours (the equivalent of an Associate or Bachelor degree) can be substituted for one or two years, respectively, of information systems auditing, control or security experience. - A bachelor's or master's degree from a university that enforces the ISACA sponsored Model Curricula can be substituted for one year of information systems auditing, control, assurance or security experience. To view a list of these schools, please visit This option cannot be used if three years of experience substitution and educational waiver have already been claimed. - Two years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for one year of information systems auditing, control or security experience.
Experience must have been gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the examination. Retaking and passing the examination will be required if the application for certification is not submitted within five years from the passing date of the examination. All experience must be verified independently with employers.

I do not have 5 years work ex :(

No problem, you have 5 years after passing the exam to apply for certification. So you can build up your experience once you have passed he exam.

Are there any waivers which I can get for my experience etc

Yes there are waivers which are listed here

OK I believe that I can do both the CISA® and CISM® certifications - is this possible ?

This is great, but sorry you cannot do both at one time ! Since both the exams are held on the same day, same venue and same time, it is not possible for you to appear for both the exams at one go. You will have to take one exam, and then the other. So please be careful when you are registering for the exam - do not go rush in and pay for both exams. Decide carefully which certification you want to pursue first and then make your payment.

So what is my next step ?

Register for the exam asap. The exam is held twice a year so it makes sense to register right away and not lose out the opportunity for getting certified at the earliest. Go to the Exam Registration page on the ISACA website right away if you want to (you can come back to this page later).

Personal tools