Since 1978, the CISA certification has been a globally accepted standard of achievement among information systems (IS) audit, control and security professionals. More than 106,000 professionals have earned the CISA designation since inception. CISA retention each year consistently remains more than 90 percent.
The CISA certification is sought by those who audit, control, monitor and assess an enterprise’s information technology and business systems. CISAs are recognized internationally as professionals with the assurance knowledge, skills, experience and credibility to leverage standards, manage vulnerabilities, ensure compliance, offer solutions, institute controls and deliver value to the enterprise. Often, CISA is a mandatory qualification for employment as an information systems auditor.
CISA Certification Requirements
To earn the CISA certification, candidates are required to:
- Pass the CISA examination (offered worldwide every June, September and December, in 11 languages and at more than 240 locations)
- Submit evidence of a minimum of five years of professional IS auditing, control or security work experience
- Adhere to ISACA’s Code of Professional Ethics
- Adhere to the Information Systems Auditing Standards as adopted by ISACA
- Agree to comply with the CISA Continuing Education Policy
CISA in the Workplace
- More than 29,000 serve as audit directors, managers or consultants and auditors (IT and non-IT).
- More than 11,000 are IT directors, managers, consultants and related staff.
- More than 10,000 are employed in managerial, consulting or related positions in IT operations or compliance.
- More than 9,300 are security directors, managers, consultants and related staff.
- More than 2,600 CISAs are CEOs, CFOs or equivalent executives.
- More than 2,500 are CIOs, CISOs, or chief compliance, risk or privacy officers.
- More than 2,400 serve as chief audit executives, audit partners or audit heads.
- SC Magazine selected CISA as a finalist of the 2014 “Best Professional Certification Program” in the Professional Awards category for the fourth year in a row.
- The Australian Signals Directorate listed CISA as a prerequisite for its Information Security Registered Assessor Program.
- CISA is listed among the highest-paying certifications in Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI) for 1 July 2013 - 1 October 2013.
- The Securities and Exchange Board of India (SEBI) mandates that trading members who have obtained approval from the Exchange for Computer-to-Computer Link (CTCL) trading software are required to have the CTCL trading facility audited by a CISA/CISSP/ISA/DISA-certified auditor.
- The Income Tax Department of India (ITD) requires all e-return intermediaries to be CISA- or ISA-certified.
- CISA was noted as having gained 20% in average market value from 1 April to 1 October 2012 and was listed as a highest-paying certification in Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI). CISAs are earning premiums that place them in the top 7% of all 268 certifications currently being reported.
- CISA was listed among the four highest-paying certifications in the 2012 IT Skills and Salary Survey by Global Knowledge and TechRepublic.
- CISA is recognized as one of the “Top Five Security Certifications” in a Global Knowledge blog post.
- The Skills Framework for the Information Age (SFIA) has recognized the CISA and CISM certifications by mapping them to the SFIA and showing the relevance of the related skills and experience. (www.sfia.org.uk)
- The World Lottery Association recommends that its auditors be CISAs or CISMs.
- The National Association of Insurance Companies (NAIC) has included CISA among the approved certifications for qualified IT examiners.
- Mobile Share Trading Guidelines issued by Bombay Stock Exchange recognize the CISA certification by requiring the following: "…the member is required to submit the system audit certificate on yearly basis duly certified by the CISA certified or equivalent system auditor..."
- Third-party audits of Smart Order Routing in the Indian securities market must be conducted by a CISA or equivalent.
- A US Drug Enforcement Administration (DEA) regulation notes that CISA is one of two accepted designations that fulfill a requirement for those performing required third-party audits of electronic prescription applications.
- Reserve Bank of India (RBI) requires CISA-qualified personnel to perform IT audits on the IT infrastructure of all banks that hold government securities.
- The DRII Institute for Continuity Management recognizes DRII certification applicants who hold a CISA certification in good standing. DRII offers a 10% discount on courses to these applicants. CISAs qualify for the Certified Business Continuity Lead Auditor (CBLA) certification and get a bypass for the references (experience).
- The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent.
- The Peruvian supervisory body that rules on financial entities, insurance companies and private pension funds managers has recognized CISA as an internationally renowned certification that attests to the expertise and specialization of internal auditors.
- CISA has earned accreditation from the American National Standards Institute (ANSI) under the International Standard ANSI/ISO/IEC 17024 for the past four years.