Certified Information Systems Auditor Exam Guide

A comprehensive 8-week study plan to help you prepare for the ISACA Certified Information Systems Auditor certification exam.

Exam Information

240 minutes

Duration

150 questions

Questions

450/800

Passing Score

$575 USD (members) / $760 USD (non-members)

Exam Cost

Recommended Study Plan

Week 1

Information Systems Auditing Process Part 1

Domain 1: Information Systems Auditing Process (21%)

12-15 hours

IS audit standards, guidelines, and procedures
Risk-based audit planning and strategy
Audit project management
Evidence collection and analysis techniques

Recommended Resources:

CISA Review Manual

ISACA Audit Standards

Week 2

Information Systems Auditing Process Part 2

Domain 1: Information Systems Auditing Process (21%)

10-12 hours

Audit sampling methodologies
Audit documentation and working papers
Audit reporting and communication
Follow-up and continuous monitoring

Recommended Resources:

ISACA Materials

Audit Case Studies

Week 3

Governance and Management of IT

Domain 2: Governance and Management of IT (16%)

12-14 hours

IT governance frameworks (COBIT 2019)
Organizational structure and relationships
IT strategy alignment with business goals
IT policies, standards, and procedures
IT resource management and optimization

Recommended Resources:

COBIT Framework

Governance Guides

Week 4

Information Systems Acquisition, Development, and Implementation Part 1

Domain 3: IS Acquisition, Development, and Implementation (18%)

13-15 hours

SDLC methodologies (Waterfall, Agile, DevOps)
Business case development and feasibility
Requirements analysis and design
System development controls

Recommended Resources:

SDLC Documentation

Development Standards

Week 5

Information Systems Acquisition, Development, and Implementation Part 2

Domain 3: IS Acquisition, Development, and Implementation (18%)

13-15 hours

Testing methodologies and strategies
System implementation and migration
Change management processes
Post-implementation review

Recommended Resources:

Testing Frameworks

Change Management

Week 6

Information Systems Operations and Business Resilience

Domain 4: IS Operations and Business Resilience (20%)

14-16 hours

IT operations management
Service level management (SLAs, SLOs)
Business continuity planning (BCP)
Disaster recovery planning (DRP)
Incident and problem management

Recommended Resources:

BCP/DRP Templates

ITIL Framework

Week 7

Protection of Information Assets Part 1

Domain 5: Protection of Information Assets (25%)

15-18 hours

Information security concepts and frameworks
Access control mechanisms
Network and infrastructure security
Encryption and cryptography

Recommended Resources:

Security Standards

ISO 27001/27002

Week 8

Protection of Information Assets Part 2 & Final Review

Domain 5: Protection of Information Assets (25%) + Review

20-25 hours

Application security and secure coding
Physical and environmental security
Full-length practice exams
Review weak areas and exam strategies

Recommended Resources:

Practice Exams

Quick Reference Guides

Exam Tips & Strategies

Think Like an Auditor

CISA tests your ability to evaluate controls and identify risks. Focus on what an auditor should verify, what evidence is needed, and what the greatest concern should be.

Manage Your Time

With 150 questions in 240 minutes, you have about 1.6 minutes per question. Flag difficult questions and return to them after completing easier ones.

Understand Domain Weights

Domain 5 (Asset Protection) at 25% and Domain 1 (Audit Process) at 21% together account for nearly half the exam. Prioritize these areas while covering all domains.

Master Scenario Questions

Many questions present real-world scenarios. Focus on what should be audited FIRST, what is the GREATEST concern, or what provides the BEST evidence.

Key Topics to Master

IS Audit Process

Risk-Based Audit Planning

Evidence Collection

COBIT Framework

IT Governance

SDLC Methodologies

System Testing

Change Management

Business Continuity Planning

Disaster Recovery

Access Control

Cryptography

Network Security

Application Security

ISO 27001/27002

For the most up-to-date exam information, visit the official exam guide.

View Official Exam Guide

Back to CISA

Certified Information Systems Auditor Exam Guide

A comprehensive 8-week study plan to help you prepare for the ISACA Certified Information Systems Auditor certification exam.

Exam Information

240 minutes

Duration

150 questions

Questions

450/800

Passing Score

$575 USD (members) / $760 USD (non-members)

Exam Cost

Recommended Study Plan

Week 1

Information Systems Auditing Process Part 1

Domain 1: Information Systems Auditing Process (21%)

12-15 hours

IS audit standards, guidelines, and procedures
Risk-based audit planning and strategy
Audit project management
Evidence collection and analysis techniques

Recommended Resources:

CISA Review Manual

ISACA Audit Standards

Week 2

Information Systems Auditing Process Part 2

Domain 1: Information Systems Auditing Process (21%)

10-12 hours

Audit sampling methodologies
Audit documentation and working papers
Audit reporting and communication
Follow-up and continuous monitoring

Recommended Resources:

ISACA Materials

Audit Case Studies

Week 3

Governance and Management of IT

Domain 2: Governance and Management of IT (16%)

12-14 hours

IT governance frameworks (COBIT 2019)
Organizational structure and relationships
IT strategy alignment with business goals
IT policies, standards, and procedures
IT resource management and optimization

Recommended Resources:

COBIT Framework

Governance Guides

Week 4

Information Systems Acquisition, Development, and Implementation Part 1

Domain 3: IS Acquisition, Development, and Implementation (18%)

13-15 hours

SDLC methodologies (Waterfall, Agile, DevOps)
Business case development and feasibility
Requirements analysis and design
System development controls

Recommended Resources:

SDLC Documentation

Development Standards

Week 5

Information Systems Acquisition, Development, and Implementation Part 2

Domain 3: IS Acquisition, Development, and Implementation (18%)

13-15 hours

Testing methodologies and strategies
System implementation and migration
Change management processes
Post-implementation review

Recommended Resources:

Testing Frameworks

Change Management

Week 6

Information Systems Operations and Business Resilience

Domain 4: IS Operations and Business Resilience (20%)

14-16 hours

IT operations management
Service level management (SLAs, SLOs)
Business continuity planning (BCP)
Disaster recovery planning (DRP)
Incident and problem management

Recommended Resources:

BCP/DRP Templates

ITIL Framework

Week 7

Protection of Information Assets Part 1

Domain 5: Protection of Information Assets (25%)

15-18 hours

Information security concepts and frameworks
Access control mechanisms
Network and infrastructure security
Encryption and cryptography

Recommended Resources:

Security Standards

ISO 27001/27002

Week 8

Protection of Information Assets Part 2 & Final Review

Domain 5: Protection of Information Assets (25%) + Review

20-25 hours

Application security and secure coding
Physical and environmental security
Full-length practice exams
Review weak areas and exam strategies

Recommended Resources:

Practice Exams

Quick Reference Guides

Exam Tips & Strategies

Think Like an Auditor

CISA tests your ability to evaluate controls and identify risks. Focus on what an auditor should verify, what evidence is needed, and what the greatest concern should be.

Manage Your Time

With 150 questions in 240 minutes, you have about 1.6 minutes per question. Flag difficult questions and return to them after completing easier ones.

Understand Domain Weights

Domain 5 (Asset Protection) at 25% and Domain 1 (Audit Process) at 21% together account for nearly half the exam. Prioritize these areas while covering all domains.

Master Scenario Questions

Many questions present real-world scenarios. Focus on what should be audited FIRST, what is the GREATEST concern, or what provides the BEST evidence.

Key Topics to Master

IS Audit Process

Risk-Based Audit Planning

Evidence Collection

COBIT Framework

IT Governance

SDLC Methodologies

System Testing

Change Management

Business Continuity Planning

Disaster Recovery

Access Control

Cryptography

Network Security

Application Security

ISO 27001/27002

For the most up-to-date exam information, visit the official exam guide.

View Official Exam Guide

Quick Feedback

Certified Information Systems Auditor Exam Guide

Exam Information

Recommended Study Plan

Exam Tips & Strategies

Think Like an Auditor

Manage Your Time

Understand Domain Weights

Master Scenario Questions

Key Topics to Master

Certified Information Systems Auditor Exam Guide

Exam Information

Recommended Study Plan

Exam Tips & Strategies

Think Like an Auditor

Manage Your Time

Understand Domain Weights

Master Scenario Questions

Key Topics to Master