Press Release


 ISACA to Update CISA Exam in 2016 to Reflect Changes in Job Requirements 

Updates reflect real-world job experience of audit and assurance professionals worldwide

Rolling Meadows, IL, USA (31 August 2015)—The demands of the IS audit, control and security industry are constantly evolving. To maintain a pace-setting certification, global IT association ISACA has updated the knowledge areas of the job practice for the Certified Information Systems Auditor (CISA) credential. The revised job practice will be effective beginning with the June 2016 CISA exam.

To update the job practice, ISACA conducted a nine-month assessment of the tasks performed by current CISAs. In 2016, the CISA job practice will be restructured to reflect the latest responsibilities of IS audit professionals:

  • Domain 1—The Process of Auditing Information Systems will become 21 percent of the exam.
  • Domain 2— Governance and Management of IT will become 16 percent of the exam.
  • Domain 3—Information Systems Acquisition, Development and Implementation will become 18 percent of the exam.
  • Domain 4—Information Systems Operations, Maintenance and Service Management will become 20 percent of the exam.
  • Domain 5—Protection of Information Assets will become 25 percent of the exam.

The updated CISA job practice reflects the expertise of nine CISA Practice Analysis Task Force members, 20 independent subject matter expert reviewers and more than 1,500 IS audit, control and security professionals worldwide.

“ISACA regularly assesses its certifications to reflect current and relevant knowledge and experience within the profession,” said Theresa Grafenstine, CISA, CGEIT, CRISC, CIA, CGAP, CGMA, CPA, international vice president of ISACA and the inspector general of the U.S. House of Representatives (House). “The revisions to the CISA job practice will benefit IS auditors who earn the certification by proving they have valuable experience for today’s audit and assurance roles.”

Since CISA was established in 1978, it has been earned by more than 118,000 individuals. One of four globally recognized certifications from ISACA, CISA is regularly among the highest-paying certifications in Foote Partners IT Skills and Certification Pay Index™—most recently for the quarter ending 1 April 2015. CISA was also listed in the top five highest-paying certifications for the second consecutive year in Global Knowledge’s 2015 IT Skills and Salary Survey and is third-highest-paying certification for 2015 in Certification Magazine’s Jobs and Salary Annual Salary Survey.

The CISA exam is administered at more than 250 locations worldwide in June, September and December and is available in 11 languages. Individuals studying from the current CISA job practice are encouraged to register for the December 2015 exam, as the June 2016 exam will be based on the new job practice:

For additional information on CISA, visit For more information on ISACA’s Certified Information Security Manager (CISM) and Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials, visit


ISACA ( helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.


LinkedIn: ISACA (Official),



Rachel Acevedo, +1.847.660.5617,
Joanne Duffer, +1.847.660.5564,