Certified Information Systems Auditor (CISA) Fact Sheet 

Since 1978, the CISA certification has been a globally accepted standard of achievement among information systems (IS) audit, control and security professionals.

More than 106,000 professionals have earned the CISA designation since inception. CISA retention each year consistently remains more than 90 percent.

The CISA certification is sought by those who audit, control, monitor and assess an enterprise’s information technology and business systems. CISAs are recognized internationally as professionals with the assurance knowledge, skills, experience and credibility to leverage standards, manage vulnerabilities, ensure compliance, offer solutions, institute controls and deliver value to the enterprise. Often, CISA is a mandatory qualification for employment as an information systems auditor.

CISA Certification Requirements

To earn the CISA certification, candidates are required to:

CISA in the Workplace

  • More than 29,000 serve as audit directors, managers or consultants and auditors (IT and non-IT).
  • More than 11,000 are IT directors, managers, consultants and related staff.
  • More than 10,000 are employed in managerial, consulting or related positions in IT operations or compliance.
  • More than 9,300 are security directors, managers, consultants and related staff.
  • More than 2,600 CISAs are CEOs, CFOs or equivalent executives.
  • More than 2,500 are CIOs, CISOs, or chief compliance, risk or privacy officers.
  • More than 2,400 serve as chief audit executives, audit partners or audit heads.

CISA Recognition

  • SC Magazine selected CISA as a finalist of the 2014 “Best Professional Certification Program” in the Professional Awards category for the fourth year in a row.
  • The Australian Signals Directorate listed CISA as a prerequisite for its Information Security Registered Assessor Program.
  • CISA is listed among the highest-paying certifications in Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI) for 1 July 2013 - 1 October 2013.
  • The Securities and Exchange Board of India (SEBI) mandates that trading members who have obtained approval from Exchange for Computer-to-Computer Link (CTCL) trading software are required to have the CTCL trading facility audited by a CISA/CISSP/ISA/DISA-certified auditor.
  • The Income Tax Department of India (ITD) requires all e-return intermediaries to be CISA- or ISA-certified.
  • CISA was noted as having gained 20% in average market value from 1 April to 1 October 2012 and was listed as a highest-paying certification in Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI). CISAs are earning premiums that place them in the top 7% of all 268 certifications currently being reported.
  • CISA was listed among the four highest-paying certifications in the 2012 IT Skills and Salary Survey by Global Knowledge and TechRepublic.
  • CISA is recognized as one of the “Top Five Security Certifications” in a Global Knowledge blog post.
  • The Skills Framework for the Information Age (SFIA) has recognized the CISA and CISM certifications by mapping them to the SFIA and showing the relevance of the related skills and experience. (www.sfia.org.uk)
  • The World Lottery Association recommends that its auditors be CISAs or CISMs.
  • The National Association of Insurance Companies (NAIC) has included CISA among the approved certifications for qualified IT examiners.
  • Mobile Share Trading Guidelines issued by Bombay Stock Exchange recognize the CISA certification by requiring the following: "…the member is required to submit the system audit certificate on yearly basis duly certified by the CISA certified or equivalent system auditor..."
  • Third-party audits of Smart Order Routing in the Indian securities market must be conducted by a CISA or equivalent.
  • A US Drug Enforcement Administration (DEA) regulation notes that CISA is one of two accepted designations that fulfill a requirement for those performing required third-party audits of electronic prescription applications.
  • Reserve Bank of India (RBI) requires CISA-qualified personnel to perform IT audits on the IT infrastructure of all banks that hold government securities.
  • The DRII Institute for Continuity Management recognizes DRII certification applicants who hold a CISA certification in good standing. DRII offers a 10% discount on courses to these applicants. CISAs qualify for the Certified Business Continuity Lead Auditor (CBLA) certification and get a bypass for the references (experience).
  • The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent.
  • The Peruvian supervisory body that rules on financial entities, insurance companies and private pension funds managers has recognized CISA as an internationally renowned certification that attests to the expertise and specialization of internal auditors.
  • CISA has earned accreditation from the American National Standards Institute (ANSI) under the International Standard ANSI/ISO/IEC 17024 for the past four years.

For a more comprehensive list of CISA recognitions, please visit www.isaca.org/recognitions.

CISA in the News

  • SearchSecurity ~ encouraged hiring an IT auditor with CISA certification in an article titled, “Best practices for choosing an outside IT auditor.”
  • The Knowledge Academy ~ “Show Your Expertise by Holding CISA Certification,” encourages CISA certification for enhancing career skills in technology audits and controls.
  • Smart Business ~ “How to prepare for changing salaries in 2012,” includes CISA on its list of top certifications for 2012.
  • Inside India Business ~ January 2012, cites Robert Half’s list of most valued credentials, which includes the CISA certification, in an article titled, “Hiring in 2012? Expect Increasing Competition, Salaries for Financial Candidates.”
  • Internal Audit Report ~ January 2011, urged auditors to obtain the CISA in an article titled, “There’s No Better Certification Than the CISA.”
  • SC Magazine ~ noted in an article titled "Security Certifications: What Decides Know-how?" that the “CISA, in fact, is becoming almost as important as a CPA (Certified Public Accountant) for auditing positions.”
  • ArtWoo ~ “Second on the list of ‘in demand’ certifications is the CISA, which certifies auditors. And there is good news for this group. Auditors are much in demand in a dwindling economy.”
  • Bankinfosecurity.com ~ “The Most In-demand Skills,” states, "Security professionals should look to increase their skills in several areas: Experienced-based certifications—such as ISACA's CISM and CISA certifications. These certifications are usually valued more highly by hiring organizations because they provide an assurance that the holder has extensive experience in their fields…"
  • “If you look at the CISA certification when it first came out, it was something that people thought it would just be nice to have. It’s really evolved. It’s a requirement for some employers in getting hired or promoted. I think it’s become an independent benchmark. You’ll see companies that will say, ‘Our whole security staff has certifications.’”--Everett Johnson, past international president of ISACA (Source: Certification Magazine)


Kristen Kessinger, +1.847.660.5512
Joanne Duffer, +1.847.660.5564
Rachel Acevedo, +1.847.660.5617