Annual CPE Audit 


To help us ensure that all ISACA certified individuals maintain a sufficient level of current knowledge and proficiency in their field, which helps to maintain the integrity of our internationally recognized certifications, an annual CPE audit is conducted of randomly-selected certificate holders to measure compliance with the Continuing Professional Education (CPE) Policy.

Audit Selection Criteria

The audit selection process is as follows:

  • Must be an ISACA certificate holder for at least one of the four core certifications:
    • CISA
    • CISM
    • CGEIT
    • CRISC
  • Must have been certified on or during the calendar year of 2017
  • Auditees are chosen at random


Annual CPE Audit Timeline

The deadline to submit complete and accurate support documentation for CPE hours reported in the 2017 calendar year is
Friday, 30 March 2018.


Submitting Documentation

All support documentation should include:

  • Your name as the attendee/presenter
  • Name of the sponsoring organization
  • Title of activity and description
  • Date of the activity
  • The number of Continuing Professional Education (CPE) hours awarded

Documentation must be in the form of a letter, certificate of completion/attendance, Verification of Attendance form or other independent attestation proof of completion.

If you are unable to provide original documentation, you may utilize the Verification of Attendance form.

Once you have gathered all CPE supporting and compliant documentation inclusive of the requirements stated above, keep the originals for your records and submit PDF copies via our support page following these easy steps:

  • Visit our support page at
  • Select Certifications & Certificate Programs
  • Select CPE Audit
  • Complete all required fields
  • Include “Response to Audit Request” in the subject line
  • Attach documentation


Your CPE Audit Process Resources by Certification

CISA Audit Resources CISM Audit Resources

For additional languages, please click here.
Additional languages can be found on the right-hand side of the web page under the “CPE Policy” section.

For additional languages, please click here
Additional languages can be found on the right-hand side of the web page under the “CPE Policy” section.

CGEIT Audit Resources CRISC Audit Resources


Additional CPE Audit Process Resources

Frequently Asked Questions

Q. What is the selection criteria of ISACA’s Annual CPE Audit?

A. CISA, CISM, CRISC, and CGEIT Certification holders who have reported CPE hours for the year prior are randomly selected for the audit. Certification holders who retired their certification during the audited year or who were audited in the prior 2 years for the same certification will be waived from the audit.

Q. I was previously audited for my CPE. Why am I being audited again?

A. As the audit selection process is random, it does not exclude individuals who have been selected in previous years. For this reason, a person may be selected multiple times.

Example 1: A customer with 2 certifications may be audited on consecutive years, but only for the CPEs reported for the certification that was not audited in the prior year.
Example 2: A customer with 2 certifications may be audited on CPEs reported for both certifications in the same year, but only if they were not audited in the prior 2 years.

Q. I do not have compliant documentation for the CPE that I reported (because my laptop crashed; my documents were stored on a machine with my previous employer; I lost the documentation; etc.). How should I proceed?

A. We suggest that you contact the sponsoring organizations for the activities you attended for duplicate CPE certificates or other proof of attendance.

Q. I cannot obtain compliant documentation to support the CPE hours and/or I added CPE hours for an activity that is not yet completed. What will happen?

A. CPE hours should only be added after an activity is completed and you have compliant documentation for the activity. If you cannot produce compliant documentation for the activity you will not be able to claim the activity for the CPE audit and your CPE audited hours will be reduced or updated accordingly. Please note that when your hours are reduced you will still need to be able to meet your annual and/or three-year cycle requirements in order to be compliant with the audit. If the reduction makes you short of the CPE requirement(s) then your certification will be subject to revocation.

If after using these resources you have additional questions regarding the Annual CPE Audit Process, contact the ISACA Customer Experience Center.

  • Visit to chat with one of our agents or to submit an inquiry (please select “Certifications & Certificate Programs”, then “CPE Audit”)
  • Call +1.847.660.5505 (hours of operation are Monday – Friday, 7am – 5pm CDT)