FREE CISA Study Guide

cisa study guide, tipsWhen I was studying for the CISA, I created a 40-page study guide for myself that you can download for free.

If you decide to use it, here’s a couple points to keep in mind:

  • The guide alone will not be enough to pass the exam. Because I created this guide for myself, it contains only material that I thought was important, thought was going to be on the exam, or needed to brush up on. I left out most of the stuff that I already knew. Even so, I think you will still find it helpful, especially since the price is right.
  • To prepare for the exam, I read the official ISACA CISA Review Manual, Sybex’s CISA Certified Information Systems Auditor Study Guide, went through the study questions associated with those books, read some miscellaneous materials, and also attended a CISA review session provided by my local ISACA chapter. This guide is based on them, but people make mistakes, so if something doesn’t seem right, check it out. Errors may have been in the books or my paraphrasing of the material, or both! In the end, always judge what you read, and think for yourself!
  • The guide is divided into these sections (which ISACA has since revised for the exam):

IS Audit process
IT Governance
Systems & Lifecycle Mgmt
IT Service Delivery & Support
Protection of Info Assets

  • Throughout the guide, I highlighted key sections and phrases. I also made acronyms out of many of the key concepts. For example, I memorized the 7 parts of the Code of Ethics using the acronym: IPS PC DE.
  • This guide contains more IT details than you’ll probably need, as one of the big surprises when I took the CISA was how few questions on my exam related to IT. For example, this guide includes the 7 OSI layers according to ISACA. I’d memorize the layers, but not all the details regarding each layer. Regarding the IT content of the CISA exam, see these posts: Where is the IS in CISA? and More on the CisA Exam.
  • Finally, remember that I created this guide for myself, so there will be things you may not understand or seem strange. When something strikes you the wrong way, just shake your head and move on. Or leave me a comment and I’ll respond.

Final Suggestions

Download CISA Study Guide

To download the guide, go to the Free Downloads page. After you download it successfully, please leave me a comment that you were able to do so–this will help others understand they are doing something wrong, and nothing is wrong with the download link. THANKS!


According to one commenter, 1tsm3, the CISA Study guide “contributed to my passing the June 2014 CISA exam!” See the comment here.


See my post regarding the FREE CISA Glossary.

See all posts related to CISA .

Good luck! And have fun.


73 responses to “FREE CISA Study Guide

  1. Hi Everyone,
    If you’re interested in what readers like you had to say about the study guide, check out these comments:


    • sandeep

      Sir ,You mentioned that you have practised 2500 questions for cisa can u provide those questions?


      • sandeep,
        Those questions came from the books I purchased and the local ISACA chapter seminar that I took. I don’t’ have them anymore and couldn’t legally share them if I did. Sorry.

        The only free questions I know of are in this post: FREE CISA Prep: Self-Assessment Exam. Check out that post on this blog.


        • sandeep

          thanks. I think passing cisa is a tough ask. sir can u guide how to plan study ? and what should be right method? and i find it difficult to apply the studied concepts to questions .


        • sandeep, I’m responding above your comment rather than below as no REPLY button was after your 10/11/15 comment. Not sure why.

          ISACA provides outlines and guidance on what you need to know for the exam in their official book. Focus on those items.

          Use the questions to determine where you need to study more. The more wrong answers you get for a particular chapter or exam area, the more you need to better understand and study that area.

          Don’t just learn all the “right answers”. It is better to understand the material as questions on the exam sometimes differ from the study questions.

          Again, focus on the audit side rather than the IT side; the audit is so much more important FOR THIS EXAM.


    • kashif Naveed

      I appreciate your effort of providing such notes. I overviewed and it look awesome.
      Thanks again
      Kashif (CIMA-London)/ACMA(PK)/MBA (Liverpool)

  2. roopaamit

    Hello ,

    I am not able to download the document. I get an error that the service is unavailable. Please could you help.

    Roopa Amit
    UPDATE FROM ITAUDITSECURITY: I no longer email the document. See red text on the Downloads page. Sorry. – Mack


    • Roopa,
      Not sure what problem you’re having. Please provide more details on what you did (links you clicked). Otherwise, I can email you the document.


      • roopa


        I first went to the below mentioned link

        Roopa Amit


        • roopa,
          You didn’t say which link you clicked. I assume you clicked the ‘Download CISA Study Guide’ link. I logged out as admin of the blog and clicked the link as a regular user in Firefox, IE, and Opera. All worked fine except Opera. When you get to the Skydrive site, you have to click the file itself to download it.
          What browser are you using? I suggest you try another browser or ask someone else on another computer to try the link. Please let me know.
          In the meantime, I’ll email you the file.
          Sorry you’re having a problem.
          ANYONE ELSE HAVING THIS PROBLEM? Let me know. Thx


      • Arif

        I would be greatful if you please send me the document. i need it badly.


        • Arif,
          I sent it.
          Please leave me a comment regarding: 1) why you could not download it (what browser & version were you using, what messages appeared), and 2) after you read it, what you thought of the guide.


  3. Randy

    I was able to download it just fine. I downloaded it via Google Chrome. Not sure what the problem is that Roopa is having.

    By the way, thanks for creating the guide and the blog posts. Very helpful.


  4. Sunny Shewani


    Excellent guide to start of with CISA preparations and for revision once we have read through the manual
    However just to update, CMM is now an old legacy model of SEI.
    CMM is now CMMI, however the basic contents mentioned remain the same.
    Thanks once again for the guide

    Sunny Shewani


  5. hasan

    well I am newly wisher to this certification please guide me that how may I execute these upper ACL files which downloaded …


    • Hasan,
      The CISA cert and the ACL files are not connected. ACL is data analytics software that is primarily used by auditors. To use the files, you have to have ACL software.

      The ‘ACL in Practice PDF ‘ document explains how to use the ACL files. To get ACL software, see the post Teach Yourself ACL .


  6. khurram

    can you please tell me which manual is best and enough to read Sybex or CISA official review manual?


  7. Eddie

    Hi i am new to CISA and from the accounting background

    Can you suggest me any study material for CISA Exam and the ideal time for preparation of Exam


    • E,
      As noted in the 2nd bullet above, use the official ISACA CISA Review Manual. If you can afford another book, get Shon Harris’ CISA guide.

      I’d recommend about 3 months preparation at least, for reading, taking notes, and going over and over test questions.


  8. Swaroop Kulkarni

    I am not able to download the free CISA study guide, Please email it to me.
    [I sent it – Mack]


  9. Pls sent me cisa study guide iam unable to download it


    • Sonu,
      Sorry for your troubles, but please provide more info like what browser did you use and what happened? What did you do and see? I haven’t been able to track down the problem and need help doing that.


  11. Cristina Serrano

    Hi I wasnt able to download the study guide. I tried downloading it using Windows Explorer and Google Chrome. I click on download CISA study guide and got an error message stating “webpage not available”. can you please email it to me, thanks.


  12. Chris

    I wasn’t able to download the study guide using Google Chrome 33.0 or IE 10. The error messages simply say that the page cannot be displayed. Thanks.


    • Chris,
      Sorry about that. I always recommend Firefox. The email address you left in the comment does not appear to be valid, so I won’t be able to send it to you. Leave me another comment with a valid email address; if you leave it in the email field, only I will be able to see it.


      • Chris

        Thanks a lot for the reply. The email should be valid, as I received notification of your above post at the email that I submitted. I’ll also leave another comment in case it doesn’t work for some reason.


  13. Sunil Kr Bisht

    Team, you guys doing a wonderful job. I am sorry but I am not able to download the study guide. Request you to please send it to my email address. Email is


  14. 1tsm3

    Thanks to your manual … it contributed to my passing the june 2014 CISA exam! Keep on blogging bro!
    from the land of k1l1manjaro and the s3r3ng3ti. :-)


    • 1tsm3,
      Thanks for letting me know. I’ve heard lots of good comments about the guide, but I believe that’s the first time anyone has ever said the guide specifically helped them pass the CISA exam!

      I’ll keep on blogging, but it’s much harder work and takes a lot more time than most people realize. I’ve been doing this blog since March 2009. I haven’t run out of material yet. But finding the time to keep the posts coming is hard.

      I always appreciate the comments and how skyyler and I have helped others. That’s our reward. Thanks again!


  15. Faraz

    Good afternoon,
    I love reading your blog. Thank you very much on the tips you give for the CISA exam. I had a quick question that I was hoping you could answer. How does an employer look at a candidate who has passed the exam but still hasn’t received the work experience to get the license? Do they even consider them? Is it worth taking the exam if a person doesn’t have the work experience to get the license? Is is possible to pass the exam and then get the experience? I hope you can shed some light on the subject matter.

    Thank you


    • Faraz,
      I believe that if you have 2 people who don’t have much audit experience, but 1 person has passed the exam, that person will have the edge.

      I have mentioned elsewhere that one company I worked for hired two internal candidates, and neither had an audit cert or audit experience. One person had a privacy cert and the other had some IT experience.

      Neither of these people were cheaper than hiring an auditor with some experience, but no certs, as they had been with the company several years. That’s probably why they were hired. As as noted elsewhere, 1 is doing real well and the other’s progress is still debatable.

      You will have an easier time getting the experience if you have the cert. If you don’t have the cert or experience, how will you sell yourself to an employer? At least with the cert you have demonstrated that you have a basic understanding of the concepts the cert covers.

      I appreciate your feedback on the blog. Glad you enjoy it. I trust you are recommending it to others as well.

      Good luck!


  16. pankaj

    Hi, Just able to download. thanks a lot!


  17. kanika

    Hi Pankaj , are you registered as a member with CISA?


  18. Pushpita Ghose

    hello Sir, I would like to know that is 2 months enough to prepare for the CISA examination.


    • Hi Pushpita,
      It depends on your background and the amount of study time you have. If you have no IT or audit experience, I’d so no. If you have some experience and can study a lot, maybe you could do it. I would not advise it unless you catch on fast and do well on exams. Best wishes, Mack.


  19. Pinaki

    First of all let me thank you for this awesome guide. The documents are simply awesome. I have downloaded all and helped me a lot. I am taking the preparation to achieve CISA. Thank you once again and keep this good job. God bless you. Thank you..

    With Warm Regards,


    • Pinkaki,
      That’s why I published it. You’re welcome. All I ask is that you turn around and free give back to others to help them in their journey. God HAS blessed me and allows me to bless others..


  20. Muthuvel

    I googled for CISA and found this blog. Very useful. Thank you very much. NO body offered this much of information free of cost.


  22. Vanita

    Hello, I am trying to download free guide but not able to open it. could you please send this on my email address


  23. wuraola

    Hi just came across this blog, and l have read all the comments since you created it. l just downloaded the free study guide, thank you so much, you are my hero God bless you real Good. Am a programmer/web administrator, l decided to change my career and move into ls auditing because am not enjoying my job anymore. And since l started studying l have been enjoying it , l am so sure this is what l want to do and am excited about it. Can you please be my mentor?will really love to hear from you.


  24. Talal Javaid

    Just 2 weeks remaining.. and i was pretty was 70% sure i will pass the exam. because i am getting approx 75-85% rate in ISACA, QA database. but today i took your exam. 2 thing. your question are more difficult to understand and also time is too fast.. i could do only 15 question from 20 . and just did 50% wrong … now i am suddenly in a feel that i will fail..


    • Talal Javaid,
      Not sure what you mean by “my exam”. The important thing is that when you miss a question, you figure out the right answer and why you chose the wrong answer. In other words, learn the material and understand it.

      If you’re doing 75-85 in ISACA, you’ll probably be ok. Believe in yourself and don’t panic. Keep working at it.


  25. vikas

    I am beginner could i prepared for cisa exam. because after passing the exam we have 5 year to show experience. I want to know cisa, is it harder exam. How much months enough for preparing the cisa exam.
    please tell me the detail of practice question where we can practice and best book i must study. what approach i should follow.


  26. NK

    Hi Mate,

    Thanks for your great posts. I’ve been using the information to structure a study process for myself. I’ve covered the Book almost 2 times, and have finished the Q&A DB at least once and am revising it. The CISSP book was of great help to disambiguate the technical side of things – must say its a great book. I’ve also used Cannon’s book for reference as well; however, seems like I am at peace with the CRM now, and am running thru it a 3rd time.

    I’ve done the CISA self assessment exam provided in your link, and have scored an 84% in it also.

    Of you i have one question. I have developed this habit of linking the question to the domain and then I rummage for the info at the back of my head to get it absolutely right. This can get me into trouble. Can you help ?



    • NK,
      Sorry, but I’m not understanding what you’re asking me. Please say it again in different words…

      I will take a stab at what I think you meant….It sounds like you are memorizing a lot of info and trying to access it to answer questions. Some stuff you have to just memorize–but overall, you need to work at understanding what the question is and how the answer fits the question and what it really means.

      That way, you don’t have to memorize as much and you retain true knowledge instead of just facts. It is similar to the difference between remembering the lie you told and just telling the truth, which you don’t have to remember as much–the truth is usually just there.

      Also, understanding a concept will help you remember and apply it. If you just memorize to pass an exam, how will that help you in the real world when you face a similar problem and have to make a decision? If you do just what is needed to pass, that will hurt you in the long run. Life has many shortcuts, but they all come with a high cost. Make sure you consider the high cost of shortcuts AND are willing to pay the price later.

      Hope that makes sense. Let me know if you want to discuss further.

      If I misinterpreted your question, I apologize. Cheers. Mack


  29. zamile

    I am failing to download the guide it shows the link but when i click there in no guide to download please email me i really need it


  30. z,
    Click this link if that doesn’t work, try another browser.

    This guide is downloaded many times a day. Some people have problems, but most don’t. Sorry for your trouble, but again. try a different browsers.

    Future requests like the one above will be deleted and ignored. Sorry!


  31. Nadia

    Thanks a lot ..Was scared to take the exam as so much to read and prepare but your guide is helpful


  32. Deepak Oswal


    i also wish to take CISA exam this year and started preparing for the same. I have your guide but i know this only will not help. I need information on correct book material that i can use. As in today market there a lot’s of book, but whats the difference and which are the correct one’s to follow. Please let me know. if possible, since you mention you ISACA Delhi chapter helped you. let me know how joining their community can be helpful. Are you also a member? It would be great if you can pm me your contact number to discuss in person.


    • Deepak,
      I always recommend the official ISACA book, as it’s their exam. As for others, I’d suggest asking CISAs you know, or contacting the closest ISACA chapter. Or find a large company in your area that has an internal audit department and talk to some of their auditors.

      I can’t recommend any of today’s books as I haven’t read any of them.

      My local chapter is not the Delhi chapter as I’m in the US. Chapters can help you by providing seminars, workshops, and advice on studying. You may also find others nearby you can study with or chat with re: questions.

      I belong to ISACA as my CISA certification is current. You have to belong to a local chapter to maintain your cert. You don’t have to attend meetings and you can ignore your local chapter if you want.

      I don’t give out my contact info. Best wishes. Mack


  33. Basu

    Hello There,
    Can anyone help me understand from basics? at least the resources I can avail! Im into identity & Access management profile for 5 years, Want to do CISA certification. Kindly guide me how do I start preparing.


  37. Olaniyi

    Please send me the CISA study guide. I was unable to download it.
    Thank you.


