Passed CISA as Grad with no experience
Background: I graduated with an IS degree and have only done one year of IT-related internships.
I took the exam yesterday and passed it on my first attempt. I spent a few months reading the manual many times and researched topics I wasn't familiar with. I then did all the database questions in one shot (each domain separately) with a 75% average. Once I became familiar with the ISACA mindset and logic, I was able to boost it up to 90s and late 80s in no time. I struggled mostly with the networking concepts, which were barely covered on the exam!
This was the most intense exam I've ever done, but it felt more straightforward and easier than the database questions. Half way through, I felt that I had a good chance of passing it. Initially, I pretty stressed out, so when I first started doing the questions, I felt out of place, especially since they were different than the database ones. After a while, the ISACA thinking came back to me and I saw the questions/answers more clearly.
I flagged about 30-35 questions, but I actually felt pretty confident for the most part, strangely enough. I finished everything in three hours and then just reviewed the flagged questions (2-3 changes). My heart was pounding hard the last 10 minutes, not because I thought I would fail, but because I was just so close to switching my mind to "passed CISA" mode and was still kinda worried that maybe... I might fail. With ISACA exams, I guess you never really know.
I was told many times that this exam requires "work experience" to pass it. Well, you know what? I did not feel like I needed work experience to properly answer the questions. Maybe that's just me. I've always been an A student and aced exams, so who knows. So I guess my experience would apply to graduates who have time to study hard and be prepared. However, I can say with confidence that having a good understanding of the CRM concepts and acing the database questions are more than enough to pass the exam.
Yes, I know I won't get certificated. That wasn't my goal. My aim is to launch my career in IT auditing and having passed the CISA exam, I hope that will give it a boost! But the job search is the most challenging part.
I'm very curious to see what kind of score I managed to get. I have a feeling that I did well and did not just barely pass. Can't know for sure.
I took the exam yesterday and passed it on my first attempt. I spent a few months reading the manual many times and researched topics I wasn't familiar with. I then did all the database questions in one shot (each domain separately) with a 75% average. Once I became familiar with the ISACA mindset and logic, I was able to boost it up to 90s and late 80s in no time. I struggled mostly with the networking concepts, which were barely covered on the exam!
This was the most intense exam I've ever done, but it felt more straightforward and easier than the database questions. Half way through, I felt that I had a good chance of passing it. Initially, I pretty stressed out, so when I first started doing the questions, I felt out of place, especially since they were different than the database ones. After a while, the ISACA thinking came back to me and I saw the questions/answers more clearly.
I flagged about 30-35 questions, but I actually felt pretty confident for the most part, strangely enough. I finished everything in three hours and then just reviewed the flagged questions (2-3 changes). My heart was pounding hard the last 10 minutes, not because I thought I would fail, but because I was just so close to switching my mind to "passed CISA" mode and was still kinda worried that maybe... I might fail. With ISACA exams, I guess you never really know.
I was told many times that this exam requires "work experience" to pass it. Well, you know what? I did not feel like I needed work experience to properly answer the questions. Maybe that's just me. I've always been an A student and aced exams, so who knows. So I guess my experience would apply to graduates who have time to study hard and be prepared. However, I can say with confidence that having a good understanding of the CRM concepts and acing the database questions are more than enough to pass the exam.
Yes, I know I won't get certificated. That wasn't my goal. My aim is to launch my career in IT auditing and having passed the CISA exam, I hope that will give it a boost! But the job search is the most challenging part.

I'm very curious to see what kind of score I managed to get. I have a feeling that I did well and did not just barely pass. Can't know for sure.
Comments
Along with me MIS degree and CCNA I also have a business management diploma and 1 year of server experience. Can you please guide me as to if the CISA cert is worth going for at this stage of my career. I also want to hit the big 4 consulting firms.
Thank
When it comes to CISA, you will get different advice. I'm not familiar with CCNA, but having an MIS degree and business management diploma is good. Many professionals I've spoken with tell me that passing the CISA exam will help me stand out from other candidates. You can start working in an industry, or start off at an audit firm, which is recommended, since you will learn a lot more.
Personally, I have my own reasons why I want to get into IT auditing. It's not the pay or the amount of jobs available. I believe in theory, it would be the best fit as a career. So find your own justification and try to pass the exam. Perhaps join and volunteer at your local ISACA chapter, but yeah, finding a job is hard. I've been on vacation, but I will soon start the job hunt again.
Let me know if you have any other questions.
And senior manager and above (which I was) get a pretty good salary - and if you get to partner - the sky is the limit trust me.
I shouldn't replied earlier... but did you mean having passed the CISA exam or being an actual CISA?
Either.... if you have passed the exam and don't have the experience yet that's totally OK, it shows your commitment to the field and career focus. All you do is go to the top 10 accounting firms and check out their IT audit vacancies/or approach them on LinkedIn. They will value the fact that you have the grounding and they don't need to put you through it. Once you go through a few end to end audits, things will fall in place (e.g. Where to find compensating controls, what's exactly a vulnerable control etc).
Best of luck.
Do you have any other advice about the interview process for an IT auditing position at a big 4. I've never mastered interviews and never will because I just hate them. Definitely not good at BSing, not my thing.
Regarding interview process / will be competency based when you had to show communication/leadership/decision making/multi tasking skills as these are the qualities required to do an audit. Technically nothing major - usual stuff around access control, encryption or data protection at rest/transit, admin account protection etc etc.
Big things to audit these days revolve around security, cloud, mobile along with traditional elements. Standards such as ISO, SOX, NIST, HIPAA, GLB, GDPR nice to mention showing you understand the way industries are moving.
First thing to do is clean up CV and mention CISA, MIS great degree and relevant? put in key words around policy, standards, compliance, cyber etc and target roles at analyst level or better still associate by justifying your CISA.
That should help you get foot in door. Remember it's working towards being a partner that is where real bucks come. Honestly 99% roles money wise won't compete if you make it to this level and that too become senior partner one day. Naturally hours, lifestyle won't be suitable that's why I left and went into investment banking becoming deputy head in technical cyber assurance.
Best of luck keep me posted.