We know, we just told you with all confidence that you won’t need much pushing to get you to want to pursue the CISA certification. And you won’t, which is why we’re going to go over the downside first. There’s really very little of one to begin with and this way, we’ll be saving the best for last.
5 Years Experience
There’s really no getting around this. You need to have a minimum of five years of professional work experience in information systems, auditing, and/or security. There are substitutions, which help those of you too young to have gained that amount of experience or those that have switched career paths.
Some of those substitutions include a two or four year degree, certain universities with the proper curriculum can gain you another year of substitution, and being an instructor in the field of IT can also reduce some of your required work experience. For a full list and more detailed breakdown, check out our article on the CISA Certification Process.
So while that is a decent amount of time necessary to become certified, it can be reduced by a max of three years through a variety of ways. And you can take the test before you’ve fulfilled this time requirement as well. As far as downsides go, it’s not too bad.
Annual CPE Adherence
The CISA Certification isn’t one of those certs you obtain and then forget about it. You have to maintain your knowledge and skillset in accordance with the fast and ever changing landscape of IT. Which, if you’re in this industry, you’re already unofficially doing so anyway. So again, this isn’t much of a drawback. But it’s worth mentioning, as it isn’t free and constitutes another time commitment.
The Continuing Professional Education program has an annual cost and requires you to complete 20 contact hour each year and a minimum of a 120 contact hours over a fixed three year period. This really isn’t a huge commitment and is really just standardizing and making official something you’d already be doing in this field anyway. And it’s useful information that you need to know to properly do your job.
Now that we’ve covered the negative aspects—and let’s be honest, they’re hardly that bad at all—let’s look at what makes becoming CISA certified so very worth it.
The money you make in this industry is largely dependent on certifications with none being more important or as impactful as the CISA certification. Auditing will be the most prevalent job type for someone with the CISA, as expected. But managers and analysts benefit greatly from the CISA cert as well. Here’s a table from payscale.com to show you the range of salaries:
|Job Title||Minimum Salary||Maximum Salary|
|Senior Information Technology Auditor||$68,404||$108,272|
|Information Technology Auditor||$53,356||$92,832|
|Internal Audit Director||$94,473||$171,125|
|Information Security Manager||$83,131||$151,570|
|Information Security Analyst||$47,410||$118,124|
|Senior Information Technology Auditor|
|$68,404 – $108,272|
|Information Technology Auditor|
|$53,356 – $92,832|
|Internal Audit Director|
|$94,473 – $171,125|
|Information Security Manager|
|$83,131 – $151,570|
|Information Security Analyst|
|$47,410 – $118,124|
That’s a pretty enticing range of monies to be earned. Even starting out at the bottom isn’t terrible and the upper end of those smaller salaries reaches decently high. And while this is a promising little table that shows you definitely won’t starve, there’s a better reason why becoming CISA certified is worth the cost, time, and effort.
Demand for CISA certified auditors has grown steadily since it’s inception. Even during the recession in 2009, demand for CISA certified employees did not dip according to recruiters in the field. One of these recruiters, Derek Duval, owner of Duval Search Associates, notes that demand has quadrupled in the last decade. And he’s noticed an interesting trend in demand for CISA certs in non-audit roles such as IT risk management, IT compliance, and IT controls analysts.
This is also most noticeable in large IT departments where leaders are recognizing the worth of having a CISA to help coordinate with multiple IT controls stakeholders such as internal and external auditors as well as regulators. And CISA certified professionals are also highly prized for project management to help with implementation of IT control solutions.
The Bottom Line
The range of benefits for becoming CISA certified includes a strong and steady demand, a decent to nice salary range, and an increasing value placed upon persons with the certification. Ultimately though in the world of IT assurance, the question you need to ask yourself isn’t if you should get CISA certified, but when will you get it. Start your path to becoming CISA certified with our guaranteed review course!
Lead Content Writer
Duke is a professional writer with a penchant for the world of finance and accounting. He enjoys rock climbing, free diving, and cooking.
Favorite Quote: "You can never have too many knives."