CISA Certification: How to get through

What is CISA:

The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and Control Association (ISACA).

Certified Information Systems Auditor (CISA) is a globally recognized certification in the field of audit, control and security of information systems. CISA has gained worldwide acceptance by having uniform certification criteria, and the certification has a high degree of visibility and recognition in the fields of IT security, IT audit, IT risk management and governance. Vacancies in the areas of IT security management, IT audit or IT risk management often ask for a CISA certification. The exam tends to be associated with a high failure rate. CISA is awarded by ISACA.


- Confirms your knowledge and experience

- Quantifies and markets your expertise

- Demonstrates that you have gained and maintained the level of knowledge required to meet the dynamic challenges of a modern enterprise

- Is globally recognized as the mark of excellence for the IS audit professional

- Combines the achievement of passing a comprehensive exam with recognition of work and educational experience, providing you with credibility in the marketplace.

- Increases your value to your organization

- Gives you a competitive advantage over peers when seeking job growth

- Helps you achieve a high professional standard through ISACA’s requirements for continuing education and ethical conduct

Exam Pattern:

CISA exams are conducted three times a year: in June, September and December. The exam is known to be difficult; it is four hours long, consists of 200 multiple-choice questions and uses the format of one correct answer per question. The scoring is weighted depending on a predetermined value for each question, with a passing score of 450 points and a maximum score of 800 points. Some questions are purely for statistical purposes and do not affect the candidate's score.


To be honest, it’s not an easy task. But if you follow the pattern below for preparation, I am sure your certification is not far away.

Resource Requirement:

The only investment that I recommend is buying the ‘CISA Review Questions, Answers & Explanations Database’ from the ISACA website. The cost will be approximately 12000/- INR, but it is worth the investment if you aspire to clear CISA in the first attempt.

The database is an online version with the following features:

The CISA Review Questions, Answers & Explanations Database is a comprehensive 1,200-question pool of items. The database is available via the web, allowing our CISA Candidates to log in at home, at work or anywhere they have Internet connectivity.

Exam candidates can take sample exams with randomly selected questions and view the results by job practice domain, allowing for concentrated study in particular areas. Additionally, questions generated during a study session are sorted based on previous scoring history, allowing CISA candidates to identify their strengths and weaknesses and focus their study efforts accordingly.

Other features provide the ability to select sample exams by specific job practice domain, view questions that were previously answered incorrectly and vary the length of study sessions, giving candidates the ability to customize their study approach to fit their needs.

Now, treat this database as the bible for studying CISA. Please rigorously follow the pattern below:

(i) Get one thing absolutely clear. No other study material is required. That will unnecessarily create confusion.

(ii) Please start preparation at least 4 months before the examination.

(iii) Now, this is very, very important. Please attempt 40 questions daily. The total time required is less than half an hour per day. No excuses, even on weekends/holidays. I am not recommending any more study. 40 questions daily is the only requirement that will help us to get the certification. Please note that this question database resembles the actual questions asked in the CISA examination. Though questions may be framed differently, the testing concept remains the same. How do I know? I attempted the CISA examination twice.

(iv) If you follow the 40-40 rule, within a month you will be able to attempt more than 1000 questions. When you attempt a question, please pay more attention to the explanation part, i.e. why a particular answer is correct and why the other three are not. Also note that for many questions the testing concept will be repetitive in nature. So the more questions you attempt, the more confidence you get. Simple.

(v) In case you want to supplement your study, I recommend ‘ALL-IN-ONE’ by Peter H Gregory. Technicalities have been superbly simplified by Peter.

(v) Sharing my experience. During my first attempt, I collected a lot of freely available study materials from websites. Mugged up many technical definitions. Went through acronyms and glossaries. Attempted MCQs available from different websites. Watched online videos. But nothing worked. I failed. Though all these things helped me to gain some technical knowledge, I was not able to differentiate between the correct answer and the other three distracters in the examination. First of all, it took a lot of time to understand the questions. How would you expect me to answer, when I am struggling to find out even what the hell is the question (:-

Anyways, for the second attempt, I purchased the Question-Answer Software from ISACA (I know it’s painful to pay for the study material (:- ) and started attempting at least 40 questions daily. It helped me gradually to understand:

(i) Pattern of Questions

(ii) What is the testing concept behind any question.

(iii) Easily able to identify distracters.

(iv) Easily able to correlate the correct answer with the question.

(v) Helped me to manage time element.

So, below is my result for second attempt:

Dear Mr. Hemang Doshi:

RE: CISA Exam Result Notification -- Exam ID: 14812446

At your request (per your exam registration authorization), this email is being sent to notify you of your September 2014 CISA exam result. A scaled score of 450 or higher is required to pass, which represents the minimum consistent standard of knowledge as established by ISACA's CISA Certification Committee.

We are pleased to inform you that you successfully PASSED the exam with a total scaled score of 600. Your score was in the top 5 percent of those testing. For your information, your exam results by area are provided below.


The Process of Auditing Information Systems: 711
Governance and Management of IT: 490
Information Systems Acquisition, Development and Implementation: 667
Information Systems Operations, Maintenance and Support: 554
Protection of Information Assets: 591

The above represents a conversion of individually weighted raw scores based on a common scale. As such do not attempt to apply a simple arithmetic mean to convert area scores to your total scaled score.

(vi) If you want to try your luck without spending much, I do have some question banks. Please drop me your email ID and I will be happy to forward the same to you.

(vii) Please do write to me in case of any query/concerns/suggestions at

Prepared by:
CA. Hemang Doshi 


