CISA is a paper based / scantron exam? Why no CBT? & why only x3 a year? / no late

Ok, just passed the CISSP & now looking at the CISA

I sort of, ok really I do not understand why no CBT?

In my head, the only reason I can see ISACA restricting their testing is to create a extra barrier to certification. Harder to obtain, higher value it is perceived.

Someone please explain into why only 3 tests available a year & why one must preregister a month+ just to sit for the thing?

on ISACA website they state
* controlled environment (they can control it better if they do it, well by limiting to x3 a year & them doing it ok I guess?)
* test fees would go up if they offered CBT - (but it costs more than CISSP & is a shorter test? huh?)

this is just a vent & maybe someone can enlighten me

Find more posts tagged with

SAVE $250 on Your ISACA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View ISACA Boot Camps

Comments

636-555-3226

computer based testing? they don't want people to ****. all of these organizations have a limited bank of questions. if just one person a year leaks out 150 questions, that instantly invalidates a substantial portion of the questions they use on tests.

if they only have 1000 questions in the CISA test bank then 15% of the questions are useless. that's a big number and means that people who do want to **** are going to get a big leg up over others on the exam.

those cheaters will then get certified and use that certification to get a job that anticipates them using the knowledge they don't actually have in real life.

their bosses find out those people don't have the skills the certification proves they do/should have and the certification loses value for employers.

once the certification loses value people stop asking for it. if people stop asking for it then people will stop taking the exam. if people stop taking the exam the certification body loses money. if the body loses enough money it goes out of business and everybody who has the certification loses the value of that certification when 5 years later employers are like, what's a CISA?

3 tests a year because there aren't a ton of people who take these tests. when you show up to a testing center you'll see maybe 20 people taking the CISA, 10 taking CISM, 5 taking CRISC, and 1 taking CGEIT. That's close to 40 people three times a year. if they offered the test 6 times a year then only 20 people would be taking the test at each location. ISACA would double their costs without filling more seats.

you have to preregister because 1) rooms have to be booked at hotels to take the tests and 2) proctors need to be hired from professional testing companies. both of these steps require a certain amount of pre-notice so the hotel can prepare and testers can be prepped.

as far as testing fees going up, i don't know the specifics, but my guess is Pearson Vue (or whoever) takes a bigger cut of the pie as opposed to the conference room & proctor.

While I personally would prefer the computer test since it's easier and more convenient, I can't knock ISACA for the procedure since it makes sense. ISC2 used to be the same way until a few years ago. I had to drive 90 minutes to take my CISSP on a scantron back in the day. Didn't like it, but I know why they did it.

dustervoice

Paper based i can understand to prevent leaks etc. but what i don't get is the 5 weeks wait for results.

636-555-3226

dustervoice wrote: »

Paper based i can understand to prevent leaks etc. but what i don't get is the 5 weeks wait for results.

I **think** (but could be wrong) that the third-party testing provider handles everything. So all locations globally have to mail in their scan trons, the company has to scan in however many (1000? 2000?) which in my previous life was a crappy MANUAL process since my old job didn't have an automated feeder. Then once the results are in a psycometrics eval takes place to see statistically what is a good question and a bad question. Any "bad" questions are probably flagged and sent to ISACA. ISACA then provides them to their test auditors (my guess is third-party people who did really well on previous exams) to review. Those auditors have to go back and forth on each "bad" question to come to an agreement as to which should stay or go (my guess is this is the longest part of the process as we're all working professionals with 9-5 jobs already). Then ISACA gets those results back in and gives them to the testing authority who then discredits any "failed" questions and rescores each exam to disregard the bad ones. then the bell curve is generated and people are slanted one way or the other (for everybody who get an A on the curve someone has to get a D, after all). then the results are tallied, really high scorers are notified they're really smart and did really well, and the results start to go out. No results can go out until the process is 100% complete since it's a bell curve and the grades all have to be in ahead of time before the curve is finalized.

and don't forget through the entire process the testing company is doing statistical analysis to see if there are any cheaters and i'm sure there's some kind of notification/appeal process built in there, too.

FWIW, this is all hypothesis and speculation since i have absolutely no affiliation with ISACA other than having a few certs with them, but I've taken many a test for many an org throughout my lifetime and you tend to learn things along the way. aggregate all those little bits of knowledge and you can sometimes come up with an educated guess as to the whole

TheFORCE

Another theory for the paper based test and the limited exams per year is that this way ISACA can control the numbers of certified individuals. Maybe they don't want everyone to get certified. This adds to the "prestige" of the certifications.

JDMurray

ISACA is a small organization and can only handle just so much content creation and certification/membership bookkeeping.

There is some insight on ISACA at Glassdoor: https://www.glassdoor.com/Reviews/ISACA-Reviews-E608204.htm

dustervoice

ive never seen a company with such a low ratings on glassdoor. wow!