CISA (Certified Information Systems Auditor)
The dominant IT-audit credential globally; required de facto for SOX IT-control audits at public companies and IT-audit roles at Big-4 firms. Strong overlap into cybersecurity-audit career paths.
Disclosure: This page contains affiliate links.
Visit Official Site →Founded
1978
HQ
Schaumburg, IL, USA
Target Audience
IT auditors, IT compliance professionals, IT governance specialists, SOX IT-control auditors at Big-4, internal audit teams, and IT compliance functions at regulated industries.
Key Features
- 150 multiple-choice questions, 4 hours, scaled scoring 200-800 (450 to pass)
- Five domains: Information System Auditing Process (~21%), Governance & Management of IT (~17%), Information Systems Acquisition/Development/Implementation (~12%), IS Operations & Business Resilience (~23%), Protection of Information Assets (~27%)
- CBT format at PSI testing centers or via online proctoring, year-round
- Pass rate: ~55-60% (ISACA reporting)
- Required: 5 years of professional IS auditing/control/security experience (waivers reduce to as low as 1 year with degree + general experience + CPE)
- 20 hours of CPE annually + 120 hours over 3-year cycle
- ~170,000+ active CISAs globally; deeply embedded in Big-4 IT-audit practices and corporate IT-compliance
How to Get This Certification
Prerequisites
5 years of professional IS audit/control/security experience (within 10 years of exam pass or 5 years post-pass). Substitutions: bachelor's degree (1 year credit), master's (1 year), 2 years teaching/training in related field, or 1 year general IT operational experience.
Why Get Certified — ROI
Salary Impact
CISAs in the US report a $15,000–$35,000 premium versus non-certified IT auditors (ISACA 2024 IT Audit Compensation Study). Median US CISA total compensation: $110,000-$150,000.
Career Benefits
- What makes this stand out
- The dominant IT-audit credential globally; required de facto for SOX IT-control audits at public companies and IT-audit roles at Big-4 firms. Strong overlap into cybersecurity-audit career paths.
- Industry recognition
- ISACA proprietary; ANSI/ISO 17024 accredited.
Job Market Recognition
ANSI/ISO 17024Cost vs Return
$575
Pricing
$15,000/yr
Salary Impact
~2w
Estimated payback
Who Should Get This Certification
Ideal for:
- IT auditors
- IT compliance professionals
- IT governance specialists
- SOX IT-control auditors at Big-4
- internal audit teams
- and IT compliance functions at regulated industries.
Consider alternatives if:
- Sits at the intersection of audit and IT — useful for IT-audit specialists, less so for either pure financial-audit (CPA/CIA) or pure cybersecurity (CISSP/CISM) career tracks
- 5-year experience requirement is high; substitutions help but only partially
How to Maintain This Certification
- Renewal cycle:
- 3 years
Pricing
| Item | Price |
|---|---|
| Exam Fee Member | $575 |
| Exam Fee Nonmember | $760 |
| Currency | USD |
| Isaca Membership Annual | $165 |
| Application Fee Post Pass | $50 |
| Annual Certification Maintenance Fee Member | $45 |
| Annual Certification Maintenance Fee Nonmember | $85 |
| Review Materials Isaca Official Member | 189–999 |
| Total Typical Path | 1200–2000 |
| Cpe Hours Required 3yr | $120 |
| As Of | 2025 |
Weaknesses
- Sits at the intersection of audit and IT — useful for IT-audit specialists, less so for either pure financial-audit (CPA/CIA) or pure cybersecurity (CISSP/CISM) career tracks
- 5-year experience requirement is high; substitutions help but only partially
- $45-85 annual maintenance fee + CPE adds long-term cost
- Pass-rate disclosures are limited (ISACA publishes less granular pass-rate data than AICPA/IIA)
Markets Served
Global
Disclosure: This page contains affiliate links.
Compare with Similar Certifications
CPA (Certified Public Accountant)
The only US credential authorized to issue audit/attest opinions on financial statements — a regulat
CMA (Certified Management Accountant)
The global management-accounting credential; particularly strong fit for industry/corporate FP&A and