What topics does a CISA certification cover?

The CISA certification is based on five key domains that reflect the core areas of IT audit and assurance: <li class="OutlineElement Ltr SCXW187445721 BCX8" aria-setsize="-1" data-leveltext="%1." data-font="" data-listid="7" data-list-defn-props="{"335552541":0,"335559685":720,"335559991":360,"469769242":[65533,0],"469777803":"left","469777804":"%1.","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1"> Information Systems Auditing Process – planning, execution, and reporting of audits. <li class="OutlineElement Ltr SCXW187445721 BCX8" aria-setsize="-1" data-leveltext="%1." data-font="" data-listid="7" data-list-defn-props="{"335552541":0,"335559685":720,"335559991":360,"469769242":[65533,0],"469777803":"left","469777804":"%1.","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1"> Governance and Management of IT – ensuring IT supports organisational goals. <li class="OutlineElement Ltr SCXW187445721 BCX8" aria-setsize="-1" data-leveltext="%1." data-font="" data-listid="7" data-list-defn-props="{"335552541":0,"335559685":720,"335559991":360,"469769242":[65533,0],"469777803":"left","469777804":"%1.","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1"> Information Systems Acquisition, Development and Implementation – evaluating system lifecycle controls. <li class="OutlineElement Ltr SCXW187445721 BCX8" aria-setsize="-1" data-leveltext="%1." data-font="" data-listid="7" data-list-defn-props="{"335552541":0,"335559685":720,"335559991":360,"469769242":[65533,0],"469777803":"left","469777804":"%1.","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1"> Information Systems Operations and Business Resilience – managing ongoing operations and continuity. <li class="OutlineElement Ltr SCXW187445721 BCX8" aria-setsize="-1" data-leveltext="%1." data-font="" data-listid="7" data-list-defn-props="{"335552541":0,"335559685":720,"335559991":360,"469769242":[65533,0],"469777803":"left","469777804":"%1.","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1"> Protection of Information Assets – securing data and systems from risk and threats. These domains prepare professionals to identify control weaknesses and mitigate organisational risks effectively.

What are the pre-requisites of a CISA certification?

To take the CISA exam, candidates must have a minimum of five years’ experience in information systems auditing, control, or security. ISACA allows up to three years of this experience to be substituted with: <li class="OutlineElement Ltr SCXW85801439 BCX8" aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="9" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1"> Other certifications (such as CISM or CISSP), <li class="OutlineElement Ltr SCXW85801439 BCX8" aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="9" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1"> Relevant university degrees <li class="OutlineElement Ltr SCXW85801439 BCX8" aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="9" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1"> Teaching experience in information systems or auditing. Candidates can take the exam before meeting this requirement but must fulfil it within five years of passing.

Which roles require a CISA certification?

The CISA certification is ideal for professionals involved in IT auditing, risk, and compliance. Common roles include: <li class="OutlineElement Ltr SCXW239932683 BCX8" aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="10" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1"> IT Auditor / Lead Auditor <li class="OutlineElement Ltr SCXW239932683 BCX8" aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="10" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1"> Information Security Manager <li class="OutlineElement Ltr SCXW239932683 BCX8" aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="10" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1"> Risk and Compliance Analyst <li class="OutlineElement Ltr SCXW239932683 BCX8" aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="10" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1"> Internal Auditor (IT focus) <li class="OutlineElement Ltr SCXW239932683 BCX8" aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="10" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1"> Cyber Risk Consultant CISA is particularly valued in regulated sectors such as finance, government, and healthcare.

Email Download LinkedIn Facebook Twitter

Certified Information Systems Auditor (CISA)

The Certified Information Systems Auditor (CISA) certification from ISACA recognises professionals with expertise in auditing, controlling, and assuring information systems. It’s an essential qualification for IT auditors and governance professionals seeking global recognition.

Looking for a CISA training course?

Get in touch to book

CISA

What is Certified Information Systems Auditor (CISA)?

The Certified Information Systems Auditor (CISA) certification, offered by ISACA, is the globally recognised benchmark for IT audit, control, and assurance professionals. It validates your ability to assess vulnerabilities, report on compliance, and implement effective controls across enterprise information systems.

CISA-certified professionals are trusted to ensure systems are secure, reliable, and aligned with business objectives.

This CISA certification guide was written by our team of cyber security experts.

The CISA certification is based on five key domains that reflect the core areas of IT audit and assurance:

Information Systems Auditing Process – planning, execution, and reporting of audits.

Governance and Management of IT – ensuring IT supports organisational goals.

Information Systems Acquisition, Development and Implementation – evaluating system lifecycle controls.

Information Systems Operations and Business Resilience – managing ongoing operations and continuity.

Protection of Information Assets – securing data and systems from risk and threats.

These domains prepare professionals to identify control weaknesses and mitigate organisational risks effectively.

To earn your CISA credential, you’ll need to:

Pass the CISA exam administered by ISACA.

Agree to ISACA’s Code of Professional Ethics.

Submit verified professional experience — at least five years in information systems auditing, control, or security.

Maintain certification through ISACA’s continuing professional education (CPE) program.

To take the CISA exam, candidates must have a minimum of five years’ experience in information systems auditing, control, or security. ISACA allows up to three years of this experience to be substituted with:

Other certifications (such as CISM or CISSP),

Relevant university degrees

Teaching experience in information systems or auditing.

Candidates can take the exam before meeting this requirement but must fulfil it within five years of passing.

The CISA certification is ideal for professionals involved in IT auditing, risk, and compliance. Common roles include:

IT Auditor / Lead Auditor

Information Security Manager

Risk and Compliance Analyst

Internal Auditor (IT focus)

Cyber Risk Consultant

CISA is particularly valued in regulated sectors such as finance, government, and healthcare.

CISA remains one of the most sought-after certifications for IT audit and governance professionals worldwide. It offers strong career progression and industry credibility.

Global recognition

Trusted by employers in more than 180 countries.

Career impact

CISA-certified professionals earn an average salary between £70,000–£110,000[1], depending on experience and role.

Employer demand

As cyber security and compliance requirements increase, organisations seek professionals who can assess, monitor, and ensure IT control effectiveness.

Professional credibility

CISA demonstrates your ability to evaluate systems objectively, making it a must-have for auditors and compliance managers.

Prepare for CISA with our course

During this CISA training course, delegates will be exposed to the Five Domains of Information Security Auditing. Learn more about our course and how to book here.

4 Days Virtual Classroom

Certified Information Systems Auditor

QACISA

Certified Information Systems Auditor (CISA) is a globally acknowledged certification, which builds upon the previous experience of IS professionals, to produce valuable employees who possess excepti…

From £2,725 ex VAT

Prepare for the CISA exam

What is the exam structure of Certified Information Systems Auditor (CISA)?

The CISA exam includes 150 multiple-choice questions covering ISACA’s five domains. Candidates have 4 hours to complete the exam. The test is available year-round via computer-based testing through PSI testing centres or remote proctoring.

The scoring scale ranges from 200–800 points, with 450 required to pass. The exam evaluates both practical and conceptual knowledge in auditing, governance, and risk management.

Our CISA training course gives learner's comprehensive preparation for CISA, aligned with ISACA’s official exam content. Additional recommended resources include:

The ISACA CISA Review Manual

CISA Practice Questions Database from ISACA

Community study groups and professional forums via ISACA chapters

These resources complement our training course and support self-study and exam readiness.

To maintain certification, professionals must earn 120 Continuing Professional Education (CPE) hours over a three-year period and submit annual maintenance fees. This ensures ongoing competence in evolving audit standards, technologies, and regulations.

Why choose QA for CISA training?

Proud partner of ISACA

We are an accredited, elite partner of ISACA, offering the full catalogue of ISACA certifications.

View all ISACA courses

Expert-led training

QA and its trainers have been recognised for its excellence in delivering ISACA training courses.

Cyber Experts

More ways to learn

Our expert-led CISA training can be taken virtually with an instructor, or in-person in a classroom.

Book CISA now

More Cyber Security Certifications

CISM CIPP OSCP CISSP CIPM AIGP CCISO CRISC Certified Ethical Hacker SSCP OSIR OWASP

Let's talk

Start your digital transformation journey today

+44 113 220 7150 (UK)

First Name*

Last Name*

Business Email Address*

Phone*

Company Name*

Job Title

Let's help direct you to the right team*

Country*

Where are you located?*

Let us know how we can help*

Keep me up to date with QA news, events, blogs & exclusive offers.

By submitting this form, you agree to QA processing your data in accordance with our Privacy Policy and Terms & Conditions. You can unsubscribe at any time by clicking the link in our emails or contacting us directly.