Passed CISA - Non IT Background

Hi All,

I took the exam on Saturday, it was my first attempt and received a provisional pass. Let me share my experience:

1) I am into operational risk and has very less exposure to the basic IT controls.
2) I studied for around two months and used Official CRM and QAE database (hardcopy).
3) Firstly I ran through official CRM once, underlining what I considered could be important. Didn't bothered if some terms seemed alien to me.
4) During my second reading of CRM, I studied in depth, tried to concentrate and making sure I understood the principles, after reading each chapter I attempted the questions from QAE database for that chapter.
5) I revised QAE database one more time, marking the answers which I got wrong even after my second attempt. As advised my many in the forum I tried to explain myself why a certain answer is right and why the other three choices were wrong.
6) Exam was indeed tricky one, only 15 - 20 questions were like easy where I was sure that I got them right. The others questions I have to really think through though I was able eliminate two wrong choices in most of the questions.

Finished the exam in about three hours and was mentally exhausted. My advice to non IT guys would be not to get scared by heavy technical terminologies, just having a basic idea on them is fine. Many questions can be answered by one's auditing experience.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

NerdJock

Insanely the most frustrating part about an ISACA exam. You can hammer down the terminology in their CRM and work your way through the ISACA thought process in the QDB...but when you sit for the exam, you're wondering if you were handed a test booklet for a different exam.

I failed back-to-back CISA attempts after I finished my undergrad, like 10 years ago. I took the CISM in 2015, and I studied by butt off for 3-months. Took a boot camp the week of the exam. The teacher gave us a mock exam the last day, same deal 200 questions and 4 hours. I finished in about 2 hrs with a 90% score. Sat for the exam and was completely lost. Took me almost the entire 4 hours to complete. Pretty much threw my finished exam and the proctors in anger. Not even remotely sure how I passed, but...

K-9

Is the CRM and QAE database enough? Is the online training necessary?

anilkumartr

QAE is not enough, refer that only if you have in-depth knowledge of the subject ,QAE will fill the gap in your understanding. none of the questions appear in the exam not even a simple questions.

K-9

anilkumartr wrote: »

QAE is not enough, refer that only if you have in-depth knowledge of the subject ,QAE will fill the gap in your understanding. none of the questions appear in the exam not even a simple questions.

Agreed that QAE is not enough. Is the CRM plus QAE enough? Is online training necessary? I have extensive IT background.

anilkumartr

CRM should help. since you have cissp , most of the contents in CISM are similar. Only need to think as a IS manager while answering. since i was studying for cissp, i had a confidence of clearing cism with just going thro some online video's. I did the same to pass the cism. good luck.

K-9

Thank you!

averageguy72

Congrats!