ISACA

Certified Information Systems Auditor

The Certified Information Systems Auditor (CISA) is ISACA's globally recognized certification for professionals who audit, control, monitor, and assess an organization's information technology and business systems. The 2024 job practice spans five domains covering the audit process, IT governance, systems acquisition, operations and resilience, and protection of information assets.

Practice

Learn at your own pace. Answer questions one at a time with instant feedback and explanations.

Mock exam

Simulate the real thing. Take a timed, full-length test and review your score and weak areas.


Study your way: beyond Practice and Mock exam, choose adaptive, hard mode, ready review, objective coverage, or retry-your-misses — and set your own question count, timer, and pass mark.

About this exam

CISA is the standard of achievement for those who audit, control, monitor, and assess information technology and business systems. Aligned to ISACA's 2024 CISA job practice, it covers five domains: Information Systems Auditing Process (18%), Governance and Management of IT (18%), IS Acquisition, Development and Implementation (12%), IS Operations and Business Resilience (26%), and Protection of Information Assets (26%).

Who should take this exam

IT auditors, audit managers, security and assurance professionals, IT consultants, and compliance professionals. CISA requires five years of professional experience in IS audit, control, assurance, or security (with possible waivers), which can be satisfied within five years after passing the exam.

Career benefits

CISA is widely required or preferred for IT audit and assurance roles and is recognized by employers and regulators worldwide. It validates expertise in assessing controls and reporting on IT and business systems.

How to prepare

Study the ISACA CISA Review Manual and job practice, take practice questions across all five domains, and focus on audit standards, risk-based auditing, IT governance, SDLC controls, operations and resilience, and information security controls.

Quick facts

Exam cost: USD 575 for ISACA members, USD 760 for non-members.
Valid for: Maintained through ISACA's CPE program: 20 CPE hours annually and 120 over a three-year cycle, plus the annual maintenance fee.
Length: 240 minutes
Questions on exam: 150
Passing score: A scaled score of 450 or higher (on a scale of 200 to 800) is required to pass.
Format: 150 multiple-choice questions over 4 hours (240 minutes). Delivered at PSI test centers or via remote online proctoring.
Practice questions: 150
Objectives: 5

What's covered

1. Information Systems Auditing Process

18%
  • 1a IS audit standards, guidelines, and codes of ethics
  • 1b Risk-based audit planning
  • 1c Types of audits, assessments, and audit methodology
  • 1d Audit evidence collection, sampling, and techniques
  • 1e Audit reporting, follow-up, and quality assurance

2. Governance and Management of IT

18%
  • 2a IT governance, strategy, and enterprise architecture
  • 2b IT policies, standards, procedures, and frameworks
  • 2c IT organizational structure, roles, and human resources
  • 2d Enterprise risk management and IT resource management
  • 2e IT performance monitoring, laws, and regulations

3. Information Systems Acquisition, Development and Implementation

12%
  • 3a Project governance and management for IS projects
  • 3b Business case, feasibility analysis, and system requirements
  • 3c System development methodologies and controls
  • 3d Testing, configuration, release, and implementation readiness
  • 3e Post-implementation review and system migration

4. Information Systems Operations and Business Resilience

26%
  • 4a IT components, asset management, and job scheduling
  • 4b System interfaces, end-user computing, and data governance
  • 4c Systems performance, problem, and incident management
  • 4d Change, configuration, release, and patch management
  • 4e Business impact analysis and business continuity planning
  • 4f Backup, storage, and disaster recovery planning

5. Protection of Information Assets

26%
  • 5a Information asset security frameworks, standards, and controls
  • 5b Physical and environmental controls
  • 5c Identity and access management
  • 5d Network and endpoint security
  • 5e Cryptography and public key infrastructure
  • 5f Security event monitoring, incident response, and forensics

Frequently asked questions

Are these real exam questions?

No. These are original practice questions written to match the exam objectives, each with an explanation so you actually learn the material — not exam dumps.

How does practice mode work?

You answer questions one at a time with instant feedback and explanations. Over time the app adapts, prioritizing the objectives and questions you struggle with most.

What is a mock exam?

A timed, full-length simulation that holds feedback until the end, then shows your score, pass/fail result, and a breakdown by objective.

Can I customize how I study?

Yes. Pick the study mode that fits — adaptive practice, hard mode, ready-for-review, objective coverage, or retrying questions you've missed — and set your own question count, timer, and passing score for each session.

Do I need an account?

You can try free questions for this exam without signing in. Create a free account to save your progress, track weak objectives, and unlock the full question bank.
