Recently passed the CISA and thought I’d share my experience since this sub provided me some useful information.
Background Work Experience: 3 years of IT internal audit
Education: Bachelors Degree
Study time: About 2 hours a day for 1 month
Study Materials: Official CISA QAE (paper book version) CRM (barely used it, basically just used for glossary definitions) Random free YouTube videos/web content (including all Doshi videos, CISA study website, and other “random things I stumbled upon the internet.)
In my option, here were the 3 most valuable “tools” I thought helped me pass the exam (in no particular order):
QAE: Very helpful. If you go through the entire QAE and truly understand all the questions (not memorize), it will come in very handy during the exam. I went through the QAE about 3.5 times.
My work experience: This was very helpful on the exam. My work experience is very close to the content on the exam so this is a factor that should not be overlooked. Those without any IT audit experience will definitely need to study a lot harder to pass the exam.
YouTube/Free internet content: I watched all Doshi videos which helped my full a few knowledge gaps. I used simple google/YouTube to touch up on topics I struggled with in the QAE.
The exam Exam was challenging but definitely not as hard as this sub makes it out to be. I’d say 7/10 difficulty for the questions (I’d say the the QAE questions are a 4-5/10). The good thing was that I was able to narrow down nearly every question to 2 possible answers which goes a long way to actually passing. IMO every question had 2 obviously wrong answers. What makes the exam harder than the QAE is not necessarily the content but the fact that nearly all exam questions have 2 answers that seems right and you’ll have to think hard to pick the right answer. I ending up flagging 58 questions I wasn’t sure about and was able to narrow almost all those down to at least a 50/50 guess. When I hit submit I was confident I passed.
Total score: 573
Domain 1: 599 Domain 2: 538 Domain 3: 503 Domain 4: 643 Domain 5: 546
Final thoughts:
Looking back I probably over prepared. Exam was tough but not crazy. Questions were challenging but achieving a passing score is not that hard. Someone with some IT audit background like myself could pass the exam on the QAE and work experience alone.
I hope this helps! Feel free to comment or dm me with any questions and I’d be happy to help.
I went out and bought a book on the CISA. I did get the ISACA book but it was too dry for me. So I studied 6 hours a day. At the end of each chapter, I took the quiz and the questions I got wrong, I researched them. Once I finished the book, I went out and got another one.
It got to the point all I thought about was the CISA. As in test taking strategies. Read all the answers and look for the one that is totally wrong and work up.
Before the test I took a Xanax so I wouldn’t stress out. Of course I brought extra pencils and sharpeners. Also water to keep me hydrated and a semi sweet chocolate bar. After a couple of hours you will hit brain fog. The chocolate bar will help to get rid of that.
I finished 20 minutes early. I stepped outside and was talking to another person that had just finished. I said to him take this pencil and stick into my eye and swirl it around a little to see if it was less painful then that exam.
The saddest thing I saw.
Before they let us in all of us were outside and I was striking up conversation with some of the people. I looked over and saw this one person carrying this one book on the CISA and said if that is the only book he read, he will fail the test. It was the worst book on it. Twenty minutes into the exam he raised his hand and left.
I am still trying to process how this happened. I put a lot of time (upwards of 6 months) into the studying for this exam. I have a strong IT background. It doesn't matter though. You will fail the exam if you don't master the "audit" perspective on IT devices. I am here to say that the QAE database is not effective. Upon signing up for it, I was able to answer "difficult" and "expert" questions without much studying. Also, the questions for the database are all over the internet in blogs. I am fairly certain that you could find all 999 questions in the QAE database online! And some of these blogs have been online since 2014, so you guessed it. The same questions have been circulating for at least 7 years. Simply put, the QAE databases are not an accurate representation of the exam questions. The actual test questions are steered toward auditors with an intermediate or higher level of experience. No one told me this test was difficult. Some people told me they passed without reading the book and just relying on the questions. When I heard stories like this, I kept saying to myself that the test cannot be that hard. Those same people BARELY passed, but they passed.
For the second time around, I won't be utilizing the questions. There is no sense in spending another $300 on a bank of questions that is NEVER refreshed and outdated, and are published all over the web. Basically, I am going to have re-read the book again. I'm going to have to break down each device / area and thoroughly study the audit aspects of each. I may also look into some videos or other angles.