Certification directory

ISACA

Vendor · ISACA

Certified Information Systems Auditor (CISA)

ISACAProctoredPublic registryActive issuerDeep analysis

78Authority Index?B

Program overview

Global IT audit standard — governance, acquisition, operations, and protection of information systems.

ROI hypothesis: IT audit, assurance, and GRC roles in regulated enterprises.

Who it's for

IT auditors, assurance managers, and GRC professionals evaluating controls in regulated enterprises.

Exam & logistics

Cost: $575–760
Prep window: 16 wk · Issuer guidance ~150 hours · editorial planning 16 weeks part-time
Difficulty: Rigorous (52% pass) · typical prep 150–190 hours — multi-month mastery expected
Format: 150 multiple-choice questions, 4 hours, proctored (PSI). Five domains: governance, acquisition, development, operations, and protection.

Pros

Global hiring signal for IT audit and assurance roles
Pairs naturally with CRISC and CISM for risk and security leadership paths
Strong regulator and Big Four recognition

Cons & tradeoffs

Audit framing can feel distant from hands-on engineering roles
Experience and CPE requirements for certification maintenance
Exam content requires periodic updates as ISACA refreshes the job practice

Skills & domains

Security
Risk & compliance
Governance

$575–760Exam cost?Fees only · prep extra

16 wkPrep time?Issuer guidance ~150 hours

52%Pass rate?Rigorous (52% pass) · typical prep 150–190 ho…

0Holder reviews?Awaiting holders

~21Est.Exam vs reality?Editorial estimate until holder reviews arrive

Six editorial buckets (85 pts total) plus holder sentiment (+15 max). Each bucket score reflects issuer docs and editorial research — not holder votes.

Identity?

Registry, proctoring, and badge verifiability.

18/20

Issuer: ISACA
Official Name: Certified Information Systems Auditor (CISA)
Registry Url: https://www.isaca.org/credentialing/cisa
Badge Standard: Unknown

Logistics?

Exam fees, prep window, and scheduling friction.

15/15

Cost Band: $575–760
Duration Weeks: 16
Price Min Usd: 575
Price Max Usd: 760

Difficulty?

Pass-rate rigor and prep load inside the scorecard.

10/10

Official Pass Rate Pct: 52

Curriculum?

Skill coverage and blueprint alignment.

12/15

Skill Count: 3
Fit Score: 86
Skills: Security; Risk & compliance; Governance

Market Signal?

Employer demand and job-market visibility.

13/15

Signal Score: 84

Outcomes (Editorial)?

Stated ROI and time-to-value from issuer/editorial research.

10/10

Employer Roi Hypothesis: IT audit, assurance, and GRC roles in regulated enterprises.
Time To Roi Weeks: 32

How to read these metrics

Scores compare structural trust, market signal, and holder sentiment — not personal career fit. Hover or focus the ? icons on this page for quick definitions.

Score totals

Authority Index: Structural bucket scores (identity, logistics, difficulty, curriculum, market signal, outcomes) plus a small sentiment layer from verified holders. Hard filters (e.g., unproctored, dormant issuer) cap the maximum score.
Structural score: Editorial assessment of registry presence, proctoring, pass-rate difficulty, curriculum fit, employer signal, and stated ROI — independent of community reviews.
Sentiment sub-score: Derived from exam-vs-reality gap and verified holder volume. Stays at 0 until enough verified holders exist to avoid noisy early samples.
Uncapped projection: Shown when a trust alert applies (e.g., unproctored exam, dormant issuer). The ghost number is editorial bucket math before the cap — community sentiment still cannot exceed the cap.

Scorecard buckets

Identity: Public registry presence, proctor vendor quality, and open badge standards (e.g., Credly). Weak identity lowers trust even when marketing is strong.
Logistics: Typical USD exam fees (excluding prep bundles), part-time study weeks, and how transparent the issuer is about total cost to sit.
Difficulty: Uses issuer-reported pass rates when available. Low pass rates and heavy prep indicate a meaningful filter — not just exam length.
Curriculum: Breadth of assessed skills, fit to stated job roles, and how well the blueprint maps to real operator work — not course marketing alone.
Market Signal: Editorial read of hiring demand, job-posting frequency, and recruiter recognition. Contributes up to 15 structural points — not a placement guarantee.
Outcomes (Editorial): Employer ROI hypotheses and typical time-to-ROI from teardowns and issuer claims. Holder salary outcomes appear separately under Outcomes & Sentiment.

Quick stats

Authority Index: Structural bucket scores (identity, logistics, difficulty, curriculum, market signal, outcomes) plus a small sentiment layer from verified holders. Hard filters (e.g., unproctored, dormant issuer) cap the maximum score.
Structural score: Editorial assessment of registry presence, proctoring, pass-rate difficulty, curriculum fit, employer signal, and stated ROI — independent of community reviews.
Market signal: Higher values indicate stronger hiring-market and job-posting signal for this credential. Used inside the structural score, not a standalone hiring guarantee.
Exam vs reality gap: When verified holder reviews exist, gap reflects blueprint match, surprise narratives, and study-hour deltas. Without reviews we show an editorial estimate (~) from official pass rates and study load — not holder-verified.
Holder reviews: Only reviews from credential holders who completed verification are counted. Sentiment aggregates and verified gap scores unlock at n≥5 published reviews.
Exam cost: Ranges reflect list exam fees; training bundles, retakes, and membership dues may add materially — especially for multi-part finance and compliance programs.
Prep duration: Editorial planning estimate for working professionals (~8–12 hrs/week). Your timeline varies with prior experience and retakes.
Difficulty: Combines issuer-reported pass rates (when available) with typical study hours. Low pass rates and long prep windows indicate rigorous filters.

Gap values marked Est. are editorial estimates from pass rates and study load until verified holder reviews publish. Review counts show published holder narratives only.

Outcomes & Sentiment

Community layer · sentiment sub-score +0 max? (does not override structural caps)

Pros consensus

Insufficient published reviews

n=0 verified

Cons consensus

Insufficient published reviews