CISA Frequently Asked Questions 

CISA Logo 

Get the answers you seek for the topics of Exam Registration & Administration, Certification Requirements and Exam Content.

Exam Registration & Administration
Certification Requirements  |  Exam Content  |  Other

Exam Registration & Administration

  1. When will I receive my admission ticket for the September 2014 exam?
  2. What is the exact location of the test site for my September 2014 exam?
  3. What time should I arrive at the exam site?
  4. Can I still defer my September 2014 exam?
  5. What should I bring to the exam?
  6. What is the next exam date?
  7. How do I provide comments on testing conditions?
  8. How is the exam scored?
  9. Why does it take 5 weeks for CISA and CISM and 8 weeks for CGEIT and CRISC to process exam results?
  10. Why doesn’t ISACA currently offer computer-based testing (CBT)?

1. When will I receive my admission ticket for the September 2014 exam?

Admission tickets for the September 2014 exam were released via email on 31 July 2014. Exam candidates can also download a copy of the admission ticket online in their constituent profile. To download, log in to www.isaca.org from the home page, which upon a successful login will redirect you to the 'My ISACA' tab then click on the myCERTIFICATIONS tab where you will find a link to “Print Admission Ticket”.

Candidates can use either the print out of the email e-ticket or downloaded for entry into the exam. Candidates are not to write on the exam admission ticket.

Any candidate who has not received his/her admission ticket by 1 September 2014 or unable to download a copy should contact the ISACA Certification Department at exam@isaca.org or via phone at +1.847.660.5660.

2. What is the exact location of the test site for my September 2014 exam?

The exam details, including the exact exam location, will be listed on your exam admission ticket. To ensure that you arrive in plenty of time for the exam, we recommend that you become familiar with the exact location and the best travel route to your exam site prior to the date of the exam. Test center phone numbers and web site references will be provided (when available) to assist you in obtaining directions to the facility.

3. What time should I arrive at the exam site?

Your arrival time will be listed on your exam ticket. Please check your admission ticket for the exam time for your exam location as the time can vary by site.

NO CANDIDATE WILL BE ADMITTED TO THE TEST CENTER ONCE THE CHIEF EXAMINER BEGINS READING THE ORAL INSTRUCTIONS. Any candidate who arrives after the oral instructions have begun will not be allowed to sit for the exam and will forfeit their registration fee.

4. Can I still defer my September 2014 exam?

The deadline to defer your September exam to 13 December 2014 is 22 August 2014. Exam deferrals can be placed at www.isaca.org/examdefer. No deferrals will be permitted after this date.

5. What should I bring to the exam?

In addition to your admission ticket, bring several sharpened No. 2 or HB pencils, an eraser, and an acceptable form of photo identification such as a driver’s license, passport or government ID. This ID must be a current and original government issued identification that contains both your name as it appears on the admission ticket and your photograph. Any candidate who does not provide an acceptable form of identification will not be allowed to sit for the exam and will forfeit their registration fee.

Candidates are not allowed to bring any type of communication, surveillance or recording “communication devices (including, but not limited to cell phones, smart glasses, tablets, smart watches, mobile devices, etc.) into the test center. If a candidate is observed with any communication device during the exam administration, his/her exam will be voided and he/she will be asked to immediately leave the test site.

Please visit www.isaca.org/cisabelongings, www.isaca.org/cismbelongings, www.isaca.org/cgeitbelongings, and www.isaca.org/criscbelongings for a list of items which are permitted and are not permitted in the exam site. Personal items brought to the exam site and stored in the belongings area of the testing center may not be accessed until the exam candidate has completed his/her exam.

6. What is the next exam date?

The next opportunity to sit for the exam is 13 December 2014. Registration is currently open for December at www.isaca.org/examreg.

7. How do I provide comments on testing conditions?

Candidates wishing to comment on the test administration conditions may do so at the conclusion of the testing session by completing the “Test Administration Questionnaire.” The Test Administration Questionnaire is presented at the back of the examination booklet.

Candidates who wish to address any additional comments or concerns about the examination administration or content of the examination should contact ISACA international headquarters by e-mail (exam@isaca.org). These comments or concerns are to be received by ISACA within 2 weeks after the examination date. Only those comments received by ISACA during the first 2 weeks after the exam administration will be considered in the final scoring process of the examination.

8. How is the exam scored?

ISACA uses a 200-800 point scale with 450 as the passing mark for the exams. A scaled score is a conversion of the raw score on an exam to a common scale. It is important to note that the exam score is not based on an arithmetic or percent average. For example, the scaled score of 800 represents a perfect score with all 200 questions answered correctly; a scaled score of 200 is the lowest score possible and signifies that only a small number of questions were answered correctly.

A candidate must receive a scaled score of 450 or higher to pass the exam. A score of 450 represents a minimum consistent standard of knowledge as established for the exam by the respective ISACA Certification Committee. The passing score of 450 represents the minimum number of questions that must be answered correctly by the candidate in order to demonstrate practical application of the job task and knowledge statements. A candidate receiving a passing score may then apply for certification if all other requirements are met.

9. Why does it take 5 weeks for CISA and CISM and 8 weeks for CGEIT and CRISC to process exam results?

ISACA takes the processing of exam results very seriously. Best practice dictates that item performance be carefully reviewed after each exam administration to ensure that items performed in a fair and consistent manner. Also, ISACA’s policy is to release the results of all of our exams together, rather than individually as they are processed.

Starting in 2013, CISA and CISM exam results will be released within 5 weeks of the exam administration (in place of the 8 weeks as currently exists for CGEIT and CRISC). This change was viable due to the maturity of the respective exams and item pool.

ISACA works with its testing agency to administer our exams in over 250 locations worldwide. The first step in the grading process is the review of the preliminary statistical analysis which begins when a majority of answer sheets are returned. This usually occurs a week or two after the exam administration date. This preliminary analysis is conducted on each exam item in every language that the exam item is offered. Currently, ISACA offers 4 different exams, in up to 10 languages. This step is essential because it identifies items that did not perform well based on statistics. Items with poor statistics are reviewed by the members of the respective certification committee. If an error or inconsistency is discovered within an item, the answer key is adjusted to ensure candidates are not penalized for the error.

Items with performance statistics on translated exams are also reviewed to determine if errors in translation occurred, impacting the candidate’s ability to answer an item correctly. This review is performed by multilingual ISACA members who hold the respective certifications.

Once the answer keys are finalized, a passing point is determined and approved by the Certification Committee for each certification. At this point, the testing agency processes each of the exam candidate’s final grades by converting it into a score between 200 and 800.

ISACA and our testing agency are dedicated to the efficient processing of exam results. We are also committed to performing the proper due diligence so that test results are reliable.

10. Why doesn’t ISACA currently offer computer-based testing (CBT)?

ISACA is often asked why our exams are not offered in an online environment. It’s a great question, especially given that ISACA members and certifieds are primarily IT professionals. It is also an issue that ISACA’s Credentialing and Career Management Board and certification committees continue to evaluate each and every year. There are three primary objectives that ISACA considers when offering exams:

  • Can exams be offered more efficiently?
  • Can exams be offered more securely?
  • Can exams be offered more affordably?

In order to determine whether to move from paper-based testing to computer-based testing, ISACA has weighed various factors including, but not limited to, being assured that:

  • Exam candidates are offered a consistent and suitable exam experience regardless of where they sit for the exam
  • Exam items are properly safeguarded
  • Exams are offered at a reasonable and fair fee

It is clear that there are advantages and disadvantages to offering exams in both paper-based and computer-based formats. Research has indicated that suitable CBT sites are not available in many of the more than 250 locations that ISACA currently offers exams, and many other CBT sites are not viable and secure for high-stakes exams. In addition, we have seen others who have shifted from paper-based testing to CBT increase their exam fees significantly (often by 100%) given the higher administrative costs.

At this time, ISACA’s Credentialing and Career Management Board has determined that the cost of transitioning to CBT would outweigh the benefits to test takers and to ISACA as a whole. ISACA is proud of the success and demand for our certifications that has been achieved, and is committed to continuing to look at additional options for offering ISACA exams

Certification Requirements  |  Exam Content  |  Other


Certification Requirements

  1. What do I need to do if I've received a revocation notice?
  2. Where can I find the CISA application for certification?
  3. Is there a fee to apply for certification?
  4. What are the qualifications to earn the CISA credential?
  5. What does the CISA continuing professional education program require?
  6. Do I need to submit documentation for my CPE hours?
  7. How do I renew my certification and/or report my CPE?
  8. Does ISACA provide discount on certification maintenance (renewal) fees if I have multiple certifications?

1. What do I need to do if I've received a revocation notice?

If you have received a revocation notice, please contact certification@isaca.org.

2. Where can I find the CISA application for certification?

CISA applications are located at Apply for Certification.

3. Is there a fee to apply for certification?

For certification applications received on 1 June 2012 and forward, an application processing fee of US $50 will be required to apply for certification. The application processing fee will support our dedication to efficient and proper processing of certification applications according to industry standards. The fee will also help support the integrity of the application process, which in turn reinforces the strength and reputation of the overall certification programs.

Payment for the CISA application processing fee can be made online at www.isaca.org/cisapay.

4. What are the qualifications to earn the CISA credential?

The CISA designation is awarded to individuals with an interest in Information Systems auditing, control and security who meet the following requirements:

  • Earn a passing score on the CISA exam
  • Adhere to the ISACA Code of Professional Ethics
  • Commit to abide by the CISA Continuing Professional Education Policy
  • Acquire a minimum of 5 years of professional information systems auditing, control or security work experience (as described in the job practice areas). Substitutions and waivers of such experience may be obtained if certain education and general IS or audit experience requirements are met.
  • Comply with Information Systems Auditing Standards

For further details, click here.

5. What does the CISA continuing professional education program require?

In order to become and remain a CISA an individual must agree to comply with the CISA continuing professional education program. This program requires an individual to earn a minimum of 20 hours annually and 120 hours every 3 years of continuing professional education. In addition, an annual maintenance fee of US $45 ISACA member and US $85 non-member is required.

  Download CPE policy

6. Do I need to submit documentation for my CPE hours?

Documentation of CPE hours does not need to be provided to ISACA unless you are selected for an audit of your CPE hours.

7. How do I renew my certification and/or report my CPE?

To renew the certification requires earning and reporting CPE hours annually and over a fixed 3-year cycle period and paying an annual certification maintenance fee.

Our CPE reporting system has recently been enhanced and certified individuals are now able to report CPE as they are earned.

Play View the Video Quick Tour
     Download the PDF Quick Tour
     CPE Reporting FAQs

How to report your CPE:

Log in at www.isaca.org

  • Click on MY ISACA
  • Click on MY CERTIFICATIONS
  • Click on Manage My CPE
  • Scroll down, then click on Add CPE button
  • Enter CPE activity information and click Save.

To pay the annual maintenance fee:

8. Does ISACA provide a discount on certification maintenance (renewal) fees if I have multiple certifications?

Yes, for those individuals who renew 3 or more ISACA certifications, ISACA offers a discount on the 3rd and 4th renewal fees of $20 for members and $35 for nonmembers.

Exam Registration & Administration  |  Exam Content  |  Other


Exam Content

  1. How long is the exam?
  2. What does the CISA exam cover?

1. How long is the exam?

A candidate is given 4 hours to complete a 200-question multiple-choice exam.

2. What does the CISA exam cover?

The CISA exam covers 5 IS audit, control or security areas, each of which is further defined and detailed through task and knowledge statements. For details, please go to CISA Job Practice Areas.

Exam Registration & Administration  |  Certification Requirements  |  Other


Other

  1. How do I request additional information or report an issue regarding a current or past credential holder?
  2. How can I become a CISA Exam Item Writer?

1. How do I request additional information or report an issue regarding a current or past credential holder?

To request additional information or to report an issue regarding a current or past credential holder, please contact the CISA certification department:

Email: exam@isaca.org
Tel: +1.847.660.5660
Fax: +1.847.253.1443

2. How can I become a CISA Exam Item Writer?

Apply online to become a CISA Exam Item Writer.

Exam Registration & Administration  |  Certification Requirements  |  Exam Content