Requirements
As of 2011, Candidates for the CISA must meet several requirements: A minimum of 5 years of professional information systems auditing, control or security work experience (as described in the CISA job practice areas) is required for certification. Substitutions and waivers of such experience, to a maximum of 3 years, may be obtained as follows:
A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience. 60 to 120 completed university semester credit hours (the equivalent of an 2-year or 4-year degree) not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience. A bachelor's or master's degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if three years of experience substitution and educational waiver have already been claimed. A master's degree in information security or information technology from an accredited university can be substituted for 1 year of experience. Exception: 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for 1 year of experience.
Read more about this topic: Certified Information Systems Auditor