Certified Information Systems Auditor (CISA)

The Certified Information Systems Auditor (CISA) is the world's leading certification for IT audit, control, and assurance professionals. Offered by ISACA, it validates expertise in auditing information systems, evaluating IT governance and risk management, and ensuring compliance. CISA is required or preferred for IT auditor, compliance, and governance roles across regulated industries.

Request Training Email Inquiry

What is the Certified Information Systems Auditor (CISA)?

Who Should Take This Course?

IT Auditors and Internal Auditors
Compliance Officers and Risk Managers
IT Governance professionals
Security Managers with audit responsibilities
External Auditors in technology-focused firms
Control and assurance professionals
Finance and accounting professionals with IT oversight

What You Will Learn in the CISA Course

A comprehensive curriculum covering all exam objectives with hands-on labs and real-world practice.

Domain 1: Information System Auditing Process

Plan, conduct, and report on IS audits.

Audit standards, guidelines, and the ISACA IT Audit Framework
Risk-based audit planning and scope definition
Evidence collection: interviews, observation, sampling
Audit reporting and follow-up procedures

Domain 2: IT Governance and Management

Evaluate IT governance frameworks and enterprise IT management.

IT governance frameworks: COBIT, ISO 38500
IT strategic planning and organizational structure
IT portfolio and project management auditing
Third-party and vendor management assessment

Domain 3: Information Systems Acquisition, Development, and Implementation

Assess systems acquisition, development, and testing controls.

SDLC phases and control requirements
Project management controls and feasibility assessment
Application controls and testing methodologies
Change management and post-implementation review

Domain 4: Information System Operations and Business Resilience

Audit operational practices and business continuity controls.

IT operations management and service desk controls
Business continuity plan (BCP) and DR testing
Problem and incident management auditing
Data backup and recovery controls

Domain 5: Protection of Information Assets

Audit information security and data protection controls.

Information security policies, standards, and frameworks
Access control auditing: logical and physical access
Cryptography, network security, and cloud controls
Privacy and data protection compliance

Course Prerequisites

Pre-requisites training is free when you purchase the course from ProSupport

5 years of professional information systems auditing experience
Substitutions available for education (up to 3 years waived)
ISACA member in good standing and Code of Ethics compliance
Experience in 2 or more CISA domains

Exam Information

Everything you need to know about the CISA certification exam.

Exam Component	Details
Exam Name	Certified Information Systems Auditor
Exam Code	CISA
Exam Type	Multiple Choice
Total Questions	150
Passing Score	450 (out of 800)
Exam Duration	240 minutes
Language	English, Chinese Simplified, French, German, Hebrew, Italian, Japanese, Korean, Spanish, Turkish
Exam Provider	PSI Exams (in-person or online proctored)
Exam Focus	IT auditing, governance, system acquisition, operations, and information asset protection
Exam Registration	ISACA portal (isaca.org/certification/cisa-certified-information-systems-auditor)
Retake Policy	1-year waiting period; maximum 3 attempts per year
Certification Validity	3 years (120 CPE hours required for renewal)