Certified Information Systems Auditor (CISA) is a professional certification for IT audit professionals sponsored by the Information Systems Audit and Control Association (ISACA). Candidates for the certification must meet requirements set by ISACA.
Candidates for a CISA certification must pass the examination, agree to adhere to ISACA’s Code of Professional Ethics, submit evidence of a minimum of five years of professional IS auditing, control, or security work, and abide by a program of continuing professional education. Substitutions and waivers of such experience may be obtained as follows:

- A maximum of one year of information systems experience OR one year of financial or operational auditing experience can be substituted for one year of information systems auditing, control, or security experience.
- 60 to 120 completed college semester credit hours (the equivalent of an Associate or Bachelor degree) can be substituted for one or two years, respectively, of information systems auditing, control, or security experience.
- Two years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for one year of information systems auditing, control, or security experience.
The exam consists of 200 multiple-choice questions that must be answered within 4 hours. The exam is split between 6 content areas as of 2006:

- IS Audit Process: 10% of exam
- IT Governance: 15% of exam
- Systems and Infrastructure Lifecycle Management: 16% of exam
- IT Service Delivery and Support: 14% of exam
- Protection of Information Assets: 31% of exam
- Business Continuity and Disaster Recovery: 14% of exam

The exam is now offered in 11 languages at more than 200 locations worldwide in June and December.