ISACA Student Group (HKUST) Logo

CISA Workshop

What Is a Certified Information Systems Auditor (CISA)?

Certified Information Systems Auditor (CISA) refers to a designation issued by the Information Systems Audit and Control Association (ISACA). The designation is the global standard for professionals who have a career in information systems, in particular, auditing, control, and security. CISA holders demonstrate to employers that they have the knowledge, technical skills, and proficiency to meet the dynamic challenges facing modern organizations.


Certified Information Systems Auditor (CISA) Exam

Candidates have the option to sit the exam in June, September, or December in testing centers worldwide. The exam is also available in multiple languages including Chinese Mandarin (simplified and traditional), Spanish, French, Japanese, and Korean.

The CISA exam tests candidates' knowledge of five job practice domains

  • The Process of Auditing Information Systems (21%) This domain focuses on providing audit services in accordance with designated professional standards that protect and control information systems. This domain is intended to test on planning and execution of risk assessments and audits.
  • Government and Management of IT (17%) This domain focuses on identifying critical issues and making company-wide recommendations that protect information and related technology resources. This domain is intended to test on IT frameworks, enterprise architecture, laws and regulations, and quality assurance.
  • Information Systems Acquisition, Development, and Implementation (12%) This domain focuses on the initiating, creation, and ongoing buildout of information systems and their security elements. This domain is intended to test on business cases and feasibility analysis, design methodologies, configuration management, and system migrations.
  • Information Systems Operations and Business Resilience (23%) This domain focuses on how an information system operates during a normal course of business. This domain is intended to test on information system operations, end-user computing, system resiliency, data back-up, business continuity planning, and disaster recovery plans.
  • Protection of Information Assets (27%) This domain focuses on cybersecurity and the protection needed to ensure intellectual property or sensitive customer information is protected. This domain is intended to test security, controls, security event management, and physical access limits.

Awards and Achievements

Benjamin Huber receiving the CISA certification

1 August 2014, Benjamin Huber, an HKUST Information Systems undergraduate

Scored the world's highest mark on the internationally recognized Certified Information Systems Auditor (CISA) exam.