Certified Information Systems Auditor

The Certified Information Systems Auditor ( CISA ) is a globally recognized certification in the field of audit, control and security of information systems. Since its introduction in 1978, more than 75,000 people in 160 countries have been certified as CISA. The global distribution and uniform certification criteria, the certification a high degree of awareness and recognition in the fields of IT security, IT audit, IT risk management and governance. Vacancies in the areas of IT security management, IT audit or IT risk management often ask for a CISA certification. The certification is challenging and is associated with a high failure rate.

CISA is awarded by the Information Systems Audit and Control Association ( ISACA ).

Obtaining the certificate

The CISA certificate can be applied for at ISACA if the following conditions are met

  • Passed the CISA exam
  • Experience as an auditor of IT systems
  • Compliance with the Code of Ethics
  • Continuous training
  • Compliance with the standards for audits of information systems

Membership at ISACA

The CISA certification is not tied to membership in the worldwide umbrella organization ISACA and the local (mostly national ) called Chapters.


The uniform global CISA exams are conducted twice a year in June and December. The exam consists of 200 questions that must be answered according to the single -choice in four hours. In this case, the candidate can achieve a maximum of 800 points. At least 450 points, the test is passed.

It must be demonstrated in the auditing of IT systems at least five years of professional experience. Related work experience or relevant higher education programs can be credited according to a defined key. A CISA candidate will ensure the observance of an ethical code of ISACA. To obtain the CISA certification and retain 120 training hours must be detected per year and at least 20 in a three-year period. A CISA candidate undertakes to comply with the auditing standards of ISACA in the performance of audits.