What Is CISA Exam and Tips How To Pass CISA Exam

  • CA Omkar Daithankar is sharing with us everything about CISA. He is from Nasik, India, and is a Chartered Accountant, B.Com, and CISA (USA).
  • He completed his CA in May 2016, started his career with a Big 4 in Jan'17 in the Risk Advisory department specializing in IT Audit.
  • He cleared his CISA (USA) in May 2018.

What is CISA

  • Certified Information Systems Auditor (CISA) is a certification offered by ISACA Institute (website - www.isaca.org) which is based out of the USA. It’s the super specialization in the fields of IT Audit and Risk.
  • It is a certification issued by ISACA for the people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected.
  • It is designed for IT auditors, audit managers, consultants, and security professionals.

CISA (USA) Exams

Applicability of CISA:

CISA is a Global Certification which is ‘accepted in every country’ as this course is designed as per the ‘Global Reporting Standards’ and is the core in the field of IT Audit and Risk. This CISA is not country-specific.

Duration of CISA exam:

There is only 1 level in CISA. The CISA exam is 4 hours long and consists of 150 multiple choice questions.

Registration Fees

  • Exam registration fees and membership fees cost approx. 710 Dollars, Excluding reading material of 316 dollars and other incidental charges.
  • Failure of the CISA Exam calls for again paying the whole registration fee amount for the next attempt.

Two basic things you must know before applying for CISA:

  • Passing the Exam: It consists of only 1 level. It has multiple choice of 4 answers, but the difficulty level is high as all the 4 answers in the options are correct. We need to answer the most likely correct answer or the closest answer to the situation asked.
  • Getting CISA Certified: Please note that just bypassing the CISA Exam will not suffice as getting certified is mandatory to retain the CISA degree. ISACA allows 5 years of the time frame from the date of passing the CISA exam to get certified - That is one has to get certified within 5 years of passing the CISA exam.

Criteria for getting CISA certified

There are certain criteria that need to be fulfilled prior to applying for certification. In case you do not fulfill those conditions within the given time frame, your Exam result will be forfeited even if you have cleared CISA, resulting in re-appearing for the exam. The criteria are mentioned below:

  • Submit proof of 5 years of relevant work Experience to ISACA.
  • From the 5 years, a maximum of 3 years of waiver is allowed.
  • 2 years of bachelor’s degree (B.Com) and 1 year of Non-IT Audit work-ex (CA-Articleship). This is how you can waive off 3 years in total.
  • Once these 3 years are waived off, you now need 2 years of core IT Audit work-ex (Total 5 years needed less 3 years waived off as explained above)
  • So working in IT Audit for 2 years is a must before applying for certification.
  • Once you are certified ISACA will offer a unique certification number to you. Just like our CA membership number.

Who Should Go For CISA Certification

CISA would be most beneficial for the folks who are into Internal Audit, IT Audit, Risk, Governance or who want to move abroad aiming to head Audit function as a whole.

Since I have experience working in a Big4 (Deloitte) in IT Audit, I would like to highlight what exactly is covered in IT Audit.

Firstly IT Audit / Systems Audit is done only for those applications which have a financial impact. Eg. SAP (Applications directly affecting my financials)

From the Big4's point of view, IT Audit can be divided mainly into 2 types:

  • Support function for Statutory Audits: Where Statutory Auditors leverage their testing on System Auditors results to get the comfort on system generated financials. Which allows them to estimate how to go for substantive testing and the depth of the transaction to be tested
  • Core consulting engagements: Where you represent yourself as companies Internal Management i.e where Statutory Auditors are different.
  • The case would be different in the case of Industries.

Job Role of an IT Auditor

  • Testing of Financial Internal Controls across the company’s business cycle process.
  • Testing of core IT Controls viz. User Access, Change Management, Network, and Data Center.
  • Report logic testing. (Report that is being auto-generated from the system).
  • Providing assurance on third-party transactions.
  • SOX testing, IFC Compliances.

How Did I Prepare For My CISA Exam

Many people think whether CISA contains too technical content and everything is about IT but that's not true.

CISA Exam is purely conducted from an Audit perspective.

Though there is some technical content in the syllabus of the CISA Exam, the questions asked in the exam test your response to the situation from - Audit’s perspective and not the technical stuff.

The timeframe for study

I am from a CA background so I took this much time to fully prepare myself, some folks might take even less time depending on their grasping capacity, so plan accordingly. This is what I did:

  • Timeframe planning and target study are very essential to get success in any exam.
  • For the folks who have audit knowledge, I would suggest 2 months- daily 1 hour is enough. But need to stretch on weekends for 4-5 hours and in the last 5 to 6 days, again need to stretch for 4-5 hours
  • For Non-Audit folks, I would suggest starting at least 4 months earlier. Daily 1 hour.

Tips for passing CISA Exam

  • I believe that conceptual clarity is a must for clearing CISA. Moreover, if you have some practical experience in the IT Audit, this will truly help in clearing CISA.
  • Questions asked in the CISA exam closely resemble the practical situations, so always take yourself into the situation for which question is asked and think practically what you would have done if you were the Auditor.
  • The main focus for preparing CISA should be on the CRM (CISA Review Manual) which is the official study material issued by ISACA (at least 2 readings is a must).
  • After reading CRM go for the Questions and Answers book which is again issued by ISACA. This contains each domain wise questions. (Solve once and revise only those which went wrong the first time). While solving questions first think yourself what should be the answer to this situation and then look at the 4 options, this will surely help.
  • After this go for the test series or sample question answers which you will easily find on the internet.

  • I referred to this website and found best - http://cisaexamstudy.com/
  • Again to conclude CONCEPTUAL CLARITY is the key to crack the Exam on the first attempt.
  • Do not go for solving the same questions twice-thrice as none of the questions are repeated in the exam, rather focus more on individual concepts,” he concluded.

You can reach him at om.daithankar7@yahoo.in/thecastory@gmail.com.


Sign up for The Finance Story Fortnightly newsletter

Inspiration, Learnings, Knowledge in your in-box

Get stories delivered to your inbox

Subscribe to our weekly newsletter
By subscribing, you agree to our Terms of Use & Privacy Policy.
Learning Learning Partner Partner
Which Dell Technologies offerings do you wish to know more about?

Book 1:1 call with industry expert