r/CISA

▲ 16 r/CISA

CISA Preliminary Pass (My 6-Week Study Plan)

I recently took the CISA exam and received a preliminary pass. I have a few years of relevant experience, work full time, and wanted to minimize total calendar time spent studying (which I was able to limit to 6 weeks)

What I Used

  • Hemang Doshi CISA Study Guide (3rd Edition) – Main resource (Kindle with text-to-speech at 2x)
  • ISACA QAE
  • Udemy – CISA Exam Pack: 900 REALISTIC Practice Tests 2026
  • Pete Zerger – CISA Exam Prep (YouTube)

What I Would Do Differently

My initial plan was to watch one domain of the Hemang Doshi CISA Exam Masterclass on Udemy, then complete all ISACA QAE questions for that domain before moving to the next. I only followed this strategy for Domains 1 and 2 before abandoning it. I don't recommend this approach. The videos were difficult to follow at 2x speed due to the accent, weren't comprehensive enough to prepare me for the QAE, and I ended up getting many questions wrong. In hindsight, it was a poor use of my first week of studying.

What Worked

I switched to listening/reading along to the Hemang Doshi CISA – Certified Information Systems Auditor Study Guide 3^(rd) addition on Kindle. After each domain, I completed 20–50 practice ISACA QAE questions and reviewed every explanation.

After finishing the book, I took multiple full-length practice exams from different sources (Udemy, Packt [the book's mock exam], and one ISACA QAE mock). I then watched Pete Zerger's CISA review and finished with additional practice questions and mock exams.

My Biggest Recommendation

Read one good CISA book first, then do lots of practice questions and supplemental studying

The explanations are where most of the learning happens. I learned far more reviewing why answers were right and wrong than I did simply reading.

I also recommend using multiple question banks. The ISACA QAE practice exam uses the same question pool as the practice questions, so if you've already worked through much of the QAE, your mock score may be inflated because you recognize questions.

My Practice Scores

  • ISACA QAE Mock: 69%
  • Udemy full mocks: 56, 69, 70%
  • Packt mock: 73%

Despite Udemy noting 80% pass on mock and many people recommending 80%  on ISACA QAE mock before testing, I scheduled my exam because my scores were consistent across fresh question banks rather than based on memorization.

Final Thoughts

Don't obsess over hitting 80% on every mock. Focus on understanding why each answer is correct.

I found the real exam more straightforward than the ISACA QAE tests and Udemy questions were often trickier than necessary & included errors, but they forced me to slow down and read every question and available answer choices, which helped on exam day.

reddit.com
u/Key-Ad3642 — 19 hours ago
▲ 13 r/CISA

CISA x Notebook LLM

I have a questionnaire of CISA and manual but want to use Notebook LLM to prepare. Can anyone please help me with the creation of material from it. I have google pro as well

reddit.com
u/HelicopterOk5293 — 1 day ago
▲ 7 r/CISA

CISA certification within the next 4 months

I’m planning to take the CISA exam in about 4 months while working full-time. I have 2 years of Big Four IT audit experience and 1 year in risk consulting, and I’m using the official ISACA materials.
Is 4 months realistic? How would you structure the study timeline and weekly workload?

Thanks community

reddit.com
u/bestvofu — 1 day ago
▲ 97 r/CISA

Passed CISA in the 1st attempt

Hi. I passed the CISA exam after studying almost 4 months. I feel a bit surprised that Domain 1 is my weakest area.... Just want to give back to this subreddit as you guys give me some insights on exam tips to help me pass it.

Background: I don't have internal audit experience but I have been working in tech and cyber security for a few years. Practised 4000+ questions to prepare for the exam.

I went for an exam when I scored 75-83% for dump/mock questions/QAE in general.

Studied all 5 domains - I spent a bit more time on Domain 4 and 5

Materials used:

1/ QAE manual 12th version - revisited the wrong questions for a few times

  • 1st attempt: 68%, then later on I scored 72-74%. Last attempt was 76%

2/ Nutshell Training - redditor here. I read his PDFs and his videos to clear up some confusion

https://m.youtube.com/@NutshellTraining

3/ Prabh Nair - watched all his CISA videos (I believe his videos are useful, letting me understand the complicated concepts)

  • I watched his videos of Domain 1-2 twice because I felt confused about IT governance and framework when studying
  • practice questions - must-watch

https://youtube.com/@prabhnair1

4/ Pete Zerger - watched all his CISA videos (watch them first if you are in the preliminary stage of studying)

  • good for the beginning of your studying journey, giving you rough idea

https://youtube.com/@insidecloudandsecurity

5/ Purchased question banks and subscribed to a 6-month subscription on CISA dump/mock questions with explanations) from Taobao sellers

  • questions consolided from different free-of-charge wesbites but the sellers revise the answers and provide detailed explanations

6/ Chatgpt

  • asked AI to explain the wrong questions + help you to summarize the common patterns of your wrong questions
  • Focus on and re-study your unfamiliar areas

7/ Useful site: https://cisaexamstudy.com/cisa-exam-full-mock-test/

  • The mock tests are quite close to actual exam questions. I scored 72-83%
  • I did them for 2 times

8/ a Reddit post - Cheat sheet

Happy to answer if you have any questions.

u/ifightforhk — 2 days ago
▲ 7 r/CISA

Questions Related to the CISA Exam - Please Respond Based on Your Experience!

I am preparing to take the CISA exam in the next few weeks, and was hoping to get input on a few questions related to the exam from those that have already taken it:

  1. What difficultly level(s) would you say the questions on the actual CISA exam are (Easy, Moderate, Difficult, Expert)? I’ve heard some people say most questions seemed to be moderate difficulty, while others say the questions on the exam were difficult/expert level.

  2. Were there any topics that came up on the exam that you were surprised to see/did not appear in the QAE? If so, what are the topics?

  3. Overall, would you say the actual CISA exam is easier or more difficult than the QAE, and why?

  4. Any tips/recommendations for someone planning to take the CISA exam in the next few weeks?

Thank you so much and I hope this is helpful for others also!

reddit.com
u/Logical_Option_5046 — 5 days ago
▲ 25 r/CISA+1 crossposts

Passed CISA Exam 6/28

I am thrilled to share that I have officially passed my CISA exam!

I initially planned to take this exam last year, but life got a bit hectic, and I had to postpone. This past Wednesday, I decided to take a pretest and scored a 69%. After reviewing the questions I got wrong, I felt more prepared and confident, so I scheduled my exam for Sunday.

I used the CISA Official Guide and QAE to study for this. The exam was really straightforward.

reddit.com
u/Ok_Nefariousness9522 — 6 days ago
▲ 6 r/CISA

CISA Training Materials

Hi ,

Please redirect me to another chat if you know one so i don't bother people here but is the Q&E THAT important to get, i am using Pocket Prep , i do have the CRM and Udemy course. It's just so expensive, ALSO is the exam use abbreviations or they use the full word??

Thank you for your help

reddit.com
u/Schewniie — 7 days ago
▲ 5 r/CISA+1 crossposts

Would you pay for a CIA exam preparation app with 4,000+ questions?

Hi everyone, I work as an internal auditor in a department of 25 people. Many of my colleagues are CIA-certified, and our team also includes people who achieved top scores in the CIA exam.
We are currently studying together, and I have access to a question pool containing Gleim questions, Backer questions, and questions that have actually appeared in previous CIA exams for all three parts.
Based on our team’s experience, repeatedly solving these questions significantly increases the likelihood of passing. This gave me the idea of developing a CIA exam preparation app that would be more affordable than existing platforms.
The app would provide access to more than 4,000 questions covering CIA Parts 1, 2, and 3. It could also include explanations, mock exams, progress tracking, and performance analysis.
Would you be interested in using such an app? How much would you be willing to pay for it? I would appreciate your honest feedback.

reddit.com
u/Ok-Strain-1056 — 7 days ago
▲ 3 r/CISA

Will CISA help in my situation?

I currently work in industry for a top tech company doing SOX auditing. I’ve been here for 5 years and didn’t do any big4 experience. In my job I mostly do ITGCs, SOC1, and other SOX activities. Since I don’t have big4 experience, will CISA help with my current experience?

reddit.com
u/Extension-Recover773 — 8 days ago
▲ 17 r/CISA+1 crossposts

10 years in IT audit but mostly SOX — feel stuck. How do I take my career to the next level?

Throwing this out to the audit/GRC community for honest feedback.

Background:

I have been in IT audit for about 10 years but want to be upfront — the majority of my experience is IT SOX compliance specifically, not broad IT audit. The last 4+ years I owned and built an IT SOX/ITGC program from the ground up at a mid-to-large company — framework, scoping, GRC platform implementation, control owner training, external auditor relationships, and executive reporting. Before that, a large enterprise SOX program (47+ applications, 500+ controls) and public accounting doing IT audit and SOC work. CISA certified. I have also built compliance automation using Power Automate.

Outside of SOX I have minimal exposure — some operational audits, SOC 1 Type 2 reviews, brief ERM involvement. Not enough to call any of it core experience.

The problem:

I know the difference between IT SOX and IT audit broadly. SOX is a defined compliance exercise. Real IT audit requires risk-based topic selection, audit planning, and judgment I haven't built enough reps on. When I read JDs outside of SOX I feel underqualified despite 10 years in the workforce.

My questions:

If you moved from heavy IT SOX into something broader — what was it and was your SOX background an asset or a limitation?

If staying in audit — what types of IT audits would add the most value to a SOX-heavy resume?

What non-audit roles do you think this background realistically supports without starting over — GRC, IT Risk, Internal Controls, AI Governance?

Is 10 years of deep IT SOX experience a ceiling or a foundation?

No sugarcoating. Just honest takes.

reddit.com
u/Different_Scheme5176 — 10 days ago
▲ 13 r/CISA+1 crossposts

Big 4 IT Audit → Internal Audit. Those who've done it, how'd you land it?

Hey all, been lurking here for a while and figured I'd finally post. Looking for some honest input from people who've made a similar move.

Quick background on me: Canadian CPA + CISA, about 5 years at a Big 4 firm, just got promoted to Assistant Manager. My whole career there has been IT audit and assurance, i.e., SOC 1/2, ITGCs, that kind of thing, mostly in financial services and regulated industries. I manage a small team and run my own engagements. I'm also starting to work toward my CIA.

Before public accounting I spent over a decade in industry in operational and supervisory roles, so I didn't come up through the traditional accounting path.

I'm based in western Canada in a lower cost of living city. Young kids at home means picking up and moving to Vancouver or Toronto isn't realistic right now, so I'm either staying local or need something genuinely remote.

I've been seriously thinking about making the jump to internal audit. Manager or Senior level at a credit union, Crown corp, financial institution, something like that. Honestly the main drivers are pretty simple: I'm tired of the hours, I want stability, and I'd rather go deep in one organization than keep rotating through clients.

A few things I'd love input on:

How did you frame your experience when making the switch? This is probably my biggest question. My background is very IT audit heavy and I want to make sure I'm telling the right story when I'm applying — whether that's leaning into the controls/assurance side, the regulated industry exposure, the people management, whatever. Would love to hear what actually landed for people.

Did the IT audit background work against you at all? I can speak to controls broadly and I have the operational background to back it up, but I'm a little worried about being pigeonholed or passed over for roles that skew more operational or financial.

What's the day-to-day actually like? I know I'll miss the variety of clients to some degree but honestly I think I'll get over it fast. Curious if people feel like they're still growing or if it starts to feel stale after a few years.

Appreciate any input, especially from anyone who's landed at a credit union, Crown corp, or similar. Thanks

reddit.com
u/TheNorthernNorth — 9 days ago
▲ 28 r/CISA

How I Passed

I passed the exam a couple of weeks ago with a 625, and wanted to share my process.

For background, I have 1 year of audit experience, Security+, and have passed CIA part 1. In my experience, CIA was helpful for learning the audit process and Sec+ was helpful for learning some basics of cybersecurity.

My process was to mainly just take a ton of QAE questions off the bat to familiarize with the question style, scope, and depth of what would be needed to pass. Once I got a feel for this, I watched the Pete Zerger series on YouTube, and took questions specific to whatever I was watching, while still mixing in some mixed category review throughout.

Once I finished the Zerger series, I took my first practice exam (77%). I spend the next week studying weak spots, and also started using pocket prep to identify whether I was just memorizing patterns. I made 77% again, but with fewer glaring weaknesses. I took the test a week later and scored 625.

A couple of tips:
-I recommend taking the test at a test center. You won’t have to think about your set up at all, and can purely focus on taking the exam.

-I’d try to have at least two question sources. QAE was far and away the most helpful, but something like pocket prep will give you a different angle.

-The exam was easier than QAE.

-The trickiness of ISACA questions I thought was overstated. Read the questions carefully, and always ask ‘What is this question asking?’. Look for words like first, best, and most concerned.

-There will be hard stretches during the exam. Don’t freak out, stay in the moment and give the best answer on what’s in front of you.

-I only marked 2 questions for review. If I didn’t know it, I guessed and moved on. I felt like this made my review more impactful, and I wasn’t in my head calculating how many questions I wasn’t 100% sure about like I have been on previous exams.

I hope this is helpful! Overall, the study process was challenging but definitely doable!

reddit.com
u/nstrawd — 10 days ago
▲ 6 r/CISA+2 crossposts

30k trca analyst

just got a new job as a tech risk and controls assurance analyst but idk what the future trajectory of this role is. i kind of am losing hope because my goal is to have a 6 figure salary within 5 years but idk what i can even do with this role to achieve that. i have cisa too. help

reddit.com
u/AuditMaxxing — 8 days ago
▲ 26 r/CISA

Enjoying this liberating feeling :-D

https://preview.redd.it/h7vgobly0e9h1.png?width=759&format=png&auto=webp&s=015330bfea444e846ed10e4b4227db1edaa4c50a

Passed it two weeks ago in first try. 🎉 I learned for around ten days in the evenings after work and one intense 3-day-weekend.

Only used the QAE. And there is plenty of free summarys which can give you a good view on how to apply the "ISACA logic". This was challenging for me in the beginning, as I already worked around 4 years in external IT audit for a Big4 company, and sometimes the prios for ISACA are different than those how you sometimes would do it in the "real world". 😄

However, my advice it to not overthink it. I stressed myself hard after two days thinking i would fail 100%. 😄 However, If you do the QAE, write down the ISACA vocabulary which you didnt understand and get a feeling for the ISACA logic, I'd say it's definitely manageable.

Feel free to ask any questions :)

reddit.com
u/Significant-Sport718 — 11 days ago
▲ 11 r/CISA+1 crossposts

ITSG-33 ,ITSP.10.033 - community- Gov't of Canada's NIST based framework.

Hello,
I am on a team that is working toward ATO- Authorization to Operate for Government of Canada IS/IT projects. The frameworks are ITSG-33 and ITSP10.033 , different annexes based on the project. These are based on the NIST rev5 framework. I'm looking for a community for people that work on evidence collection and control mapping specifically for these frameworks. What is the best community to collaborate in if one does not exist?

reddit.com
u/zacj_rag — 10 days ago
▲ 3 r/CISA+1 crossposts

AAIR exam first try failed

I took the AAIR ISACA exam this morning and was sadly that I failed. I have my AAIA, CISA, CIA, CFE all passed on the first try. I used the ISACA AAIR study material including the ebook, review course and question database. I was getting excellent with above 95% on all domains on the practice exams and all questions in the ISACA database. Has anyone passed the exam or failed? Any advice on resources that can help me pass the second time?

reddit.com
u/PralineOne3209 — 11 days ago
▲ 4 r/CISA

Need a sanity check on this Risk Owner vs. Custodian question (Domain 2)

Q: Who is MOST likely responsible for implementing a technical control to mitigate an identified risk?

A. Custodian

B. Compliance officer

C. Risk owner

D. Senior management

The correct answer is C. Risk owner

Official Justification from the practice test:

>

I picked A because in my experience "implementation" implies the technical work done by the Custodian. Any advice on how to better identify when the exam is describing Custodian or Risk Owner would be appreciated.

Thanks!

reddit.com
u/Creative-Support1018 — 10 days ago
▲ 23 r/CISA

Passed First Try

Hi, everyone! Long time lurker so want to share a bit about my background and what helped me.

Background
I am a young professional who is finishing my first year of employment as an IT Auditor. My goal was to pass the exam before my work anniversary and do whatever I needed to overcome my lack of experience in the field. I also have a degree in data analytics which I feel helped me a little bit in the stats and hardware sections of the exam.

Studying
• Started with the Doshi textbook mid February ‘26 and liked how it was written like a novel. Gave me a great taste of the material.
• Purchased the QAE and was originally only scoring around 65%. Felt like I was just missing core content so decided to look into the Review Manual.
• ISACA Review Manual: Took detailed notes in particular around Domains 4 and 5 since I don’t touch those subjects in my daily job. Felt like this was for sure worthwhile and provided the basis of knowledge I needed to answer the QAE questions successfully.
• Took the QAE database once again and practice exam one (83%). Then went through each question in the database and made sure I understood why it was correct/incorrect. Called on AI all the time for clarification/breakdown.
• Days before the exam, I went over some Domain 5 questions in Pocket Prep and took it real easy.

Exam Day
• Decided to take the exam in person. Knew I’d have less distractions and would be in the zone at a secondary location. Would recommend if able.
• Felt like my study method for me was perfect. Gave me the content knowledge for the simple questions and the discernment to navigate around the tricky questions.
• Zoomed through the exam, took quick breaks, and had a feeling I at least had a fighting chance at passing.

Concluding Thoughts
CISA is just like any exam you’ve taken. If you put your mind to learning the material, you’ll feel very confident and have a good time on test day. The exam was much easier than I feared it would be.

reddit.com
u/Particular_Variety27 — 11 days ago
▲ 5 r/CISA

CISA Exam takers in the Philippines

I am working in Audit, and I plan on taking the CISA exam this year or early next year, may I know your experience here in the Philippines re: this.

What are your suggested resources? review centers (if there's any), and apt study time if you have 4-5 months to prepare.

Other tips are greatly appreciated :D TIA

reddit.com
u/Odd_Constant9776 — 10 days ago
▲ 20 r/CISA+1 crossposts

Jobless

I have all ISACA stuff CISA, CISM, CRISC and PMP and I'm jobless. My last experience was an technical lead.

Would my profile would be attractive for recruiters and would i find a job ?

reddit.com
u/No_Sense9032 — 13 days ago