$ 3,495
Virtual Live
Start April 27th, 2026
Course Overview
Every enterprise runs on information systems — and every board, regulator, and external auditor now expects independent assurance that those systems are controlled, governed, and trustworthy. ISACA's Certified Information Systems Auditor (CISA) is the globally recognized standard for IS audit, assurance, and control professionals. For more than four decades, CISA has been the credential that tells stakeholders: this person can evaluate the controls, assess the risk, and issue an opinion that holds up under scrutiny.
- This comprehensive exam prep program is delivered by Divergence Academy, an ISACA Accredited Training Organization (ATO), ensuring official curriculum alignment with the current CISA Job Practice. Participants progress through all five domains — Information Systems Auditing Process, Governance and Management of IT, Information Systems Acquisition/Development/Implementation, Operations and Business Resilience, and Protection of Information Assets — with a focus on the audit judgment, evidence evaluation, and reporting skills the exam rewards.
- Tools, Languages, and Frameworks Used
- The program covers the full CISA body of knowledge: IS audit standards and guidelines (ITAF), risk-based audit planning, COBIT, ISO/IEC 27001, NIST SP 800-53, IT general controls (ITGCs) and application controls, sampling methodologies, data analytics for audit, SOC 1/SOC 2 reporting, change management and SDLC controls, BCP/DR testing, and audit evidence evaluation. Participants also work through ISACA's official CISA Review Manual and QAE (Questions, Answers & Explanations) Database.
- Course Delivery Model
- CISA Prep is delivered through a blend of instructor-led lectures by ISACA-certified auditors, interactive case discussions framed around real-world control failures and audit findings, hands-on workpaper exercises, and structured QAE practice sessions. Participants receive access to ISACA's official review materials and a cohort-based study cadence designed to build exam stamina and audit-level professional skepticism — not just recall.
Why CISA
Go Anywhere
CISA is the most recognized IS audit credential in the world — more than 151,000 professionals across 188 countries hold it, and it's been issued continuously since 1978. CISA is approved for use under U.S. Department of Defense 8140 cyber workforce roles and is referenced or required in audit job postings across Big Four firms, internal audit departments, federal agencies, and regulated enterprises. Whether you're in public accounting, internal audit, IT risk, or GRC consulting, CISA travels with you.
Enables You
CISA validates that you can plan a risk-based audit, evaluate controls, gather sufficient evidence, and communicate findings in a way that drives remediation. It's the credential that earns you a seat at the table with CFOs, audit committees, and external auditors — and it equips you to challenge management assertions with the professional skepticism regulators expect. CISA turns IT knowledge into audit authority.
Better Pay
CISA holders earn an average of US$149,000+ annually in North America (per Skillsoft), and CISA is consistently ranked among the highest-paying IT certifications in the Foote Partners IT Skills and Certifications Pay Index. Demand for CISA-certified auditors has climbed steadily as SOX, SOC 2, PCI DSS, HIPAA, and CMMC audit requirements have expanded — every new regulation creates new demand for auditors who can speak IS audit fluently.
Achievement
CISA is ANSI-accredited under ISO/IEC 17024:2012 — the international standard for personnel certification bodies — and is the oldest continuously-offered IS audit certification in existence. It has been recognized repeatedly by CIO.com, Global Knowledge, and Certification Magazine as one of the most valuable and highest-paying IT certifications year over year. Earning CISA signals to audit committees, regulators, and clients that your audit opinions carry weight.
Program Outline
- IS Audit Standards, Guidelines, and Code of Professional Ethics (ITAF)
- Risk-Based Audit Planning and Execution
- Audit Evidence Collection, Sampling, and Documentation
- IT Governance and Management Frameworks (COBIT)
- IT Strategy, Policies, Standards, and Procedures
- IS Acquisition, Development, and Implementation Controls
- Project Management and SDLC Audit
- System Migration, Conversion, and Post-Implementation Review
- IT Operations, Service Management, and Performance Monitoring
- Business Resilience, BCP, and DR Testing
- Protection of Information Assets and Access Controls
- Network, Endpoint, and Cloud Security Audit
- Data Privacy, Classification, and Incident Response Audit
- QAE Practice Sessions and Exam Strategy Labs
Why Divergence
Beyond Content
Our cohort-based model ensures active social learning — not a solo march through recorded videos. Participants work through audit scenarios, debate control evaluations, and build workpapers alongside peers who bring perspectives from public accounting, internal audit, federal oversight, and client-side IT risk teams. You graduate having practiced CISA-level audit thinking, not just read about it.
Beyond the Classroom
As an ISACA Accredited Training Organization (ATO), Divergence Academy delivers the official CISA Review curriculum with instructors who hold CISA and related ISACA credentials. You receive structured office hours, QAE coaching, exam strategy sessions, and application review support — guidance that extends past the final class into your exam date and beyond.
Beyond Certification
Join a network of CMMC professionals, assessors, and consultants building careers in defense cybersecurity. Share insights, dDivergence alumni span Big Four auditors, internal audit directors, IT risk managers, and GRC consultants — many working across the Defense Industrial Base, financial services, healthcare, and Fortune 500 audit teams. The CISA cohort plugs you into an active community of practitioners who continue sharing audit programs, control testing templates, and findings examples well after certification.iscuss real-world assessment challenges, and stay current as the CMMC ecosystem evolves.
Beyond One Course
CISA pairs naturally with CISM (management perspective), CRISC (risk focus), and CDPSE (privacy engineering) for professionals building a full ISACA credential stack. Bundle pricing is available for the tri-cert (CISA + CISM + CRISC) pathway — ideal for GRC leaders building cross-domain authority. Ask about our ISACA tri-cert track.
ISACA Certified Information Systems Auditor (CISA) Prep
A cohort-based virtual live program that prepares you to pass the CISA exam and operate as an independent IS audit professional. This course goes beyond exam recall into the audit judgment ISACA tests — how to scope a risk-based audit, evaluate IT general controls, assess evidence sufficiency, and communicate findings that drive management action. Includes ISACA official review materials, QAE database access, and the full five-domain curriculum mapped to the current CISA Job Practice.
Frequently Asked Questions (FAQs)
Prerequisites
To sit for the CISA exam, ISACA requires no prerequisites — anyone may take the exam. However, to earn the CISA certification, you must document five (5) years of professional information systems auditing, control, or security work experience within the 10 years preceding application or within 5 years after passing the exam.
Experience waivers (up to 3 years) are available for:
- A maximum of one year of IS experience OR one year of non-IS auditing experience (1 year waiver)
- 60-to-120 completed university semester credit hours (60 credits = 1 year waiver; 120 credits = 2 year waiver)
- A bachelor's or master's degree from an ISACA-sponsored partner university (up to 2 year waiver)
- A master's degree in information security or information technology from an accredited university (1 year waiver)
- Two years as a full-time university instructor in a related field (1 year waiver)
For this course, Divergence recommends (not requires):
- At least 2 years of IT, audit, or compliance experience
- Familiarity with IT general controls concepts (access, change, operations)
- Basic understanding of risk and control frameworks (COBIT, NIST, ISO 27001)
Divergence Academy is an ISACA Accredited Training Organization (ATO) — you register directly with Divergence for the course, and separately with ISACA for the exam. Exam registration fees are paid to ISACA.
CPA (AICPA) is the gold standard for financial audit and accounting — it certifies you can audit financial statements. CISA is the gold standard for IS audit, certifying you can audit the systems and controls that produce those financial statements and govern the business. Many CPAs earn CISA to move into IT audit; many IT auditors earn CISA to formalize what they already do. The two credentials are highly complementary and often held together by audit partners and internal audit directors.
A CISA-certified professional plans and executes risk-based IS audits, evaluates IT general and application controls, assesses evidence and documents findings, tests business continuity and disaster recovery plans, and reports audit results to management, audit committees, and external regulators. Typical titles include IT Auditor, IS Audit Manager, Internal Audit Director, IT Risk Analyst, SOX Compliance Manager, SOC Auditor, and GRC Consultant.
The exam covers 150 questions across five job practice domains:
- Information Systems Auditing Process — audit standards, planning, execution, reporting
- Governance and Management of IT — IT strategy, frameworks, organizational structure
- Information Systems Acquisition, Development, and Implementation — project management, SDLC, testing
- Information Systems Operations and Business Resilience — IT operations, BCP, DR
- Protection of Information Assets — security controls, privacy, incident response
Virtual Live instructor-led, cohort-based. Sessions are delivered synchronously via Zoom with recordings available for review. Includes ISACA official CISA Review Manual access, QAE database subscription, live domain deep-dives, and exam strategy sessions. Delivered by Divergence Academy as an ISACA Accredited Training Organization.
Course tuition: $3,495 — all-inclusive, paid to Divergence Academy. Includes:
- ISACA official materials: One attempt CISM exam, CISM Review Manual, QAE (Questions, Answers & Explanations) database subscription, and ISACA Self-Study Online Review Course
- ISACA Membership (one year) — unlocks the ISACA member network, free CPE opportunities, and discounted rates on any future exam retakes
- Divergence Academy value-add: Access to our proprietary ISACA Governance Simulations platform — Socratic AI-driven 12-turn interview simulations that test governance judgment across all four CISM domains, with 4-dimension scoring (priority, lens, evidence, boundary) and Mirror Moment blind-spot analysis. Not available anywhere else.
Ongoing after certification:
- Annual CISM maintenance: $45/year (member) or $85/year (non-member) — paid directly to ISACA
- CPE requirements: 120 CPEs every three-year cycle, minimum 20 annually
All ISACA fees (annual maintenance, renewals) are paid directly to ISACA. Verify current pricing at isaca.org.
To maintain CISA, you must earn and report a minimum of 120 CPE hours every three-year reporting cycle, with at least 20 CPEs annually. The CISM Review course itself earns up to 14 CPEs (VILT) or 20 CPEs (online review). CISM awards up to one hour of CPE for every one hour of instructor-led training.
You can still take and pass the exam — your CISA certification simply remains pending until you document the required experience (within 5 years of passing). Many candidates use this window to take on IS audit or control-testing responsibilities, knowing the exam is already behind them. Divergence instructors can advise on experience-waiver documentation and career moves that accelerate eligibility.
AI in the flow of training
Train Smarter with the Simulator Platform
Mock assessments. Real-time feedback. Judgment under pressure — not just content recall.