ISACA · IT Certification
Use this 12-week roadmap to focus on the exam domains that matter most, choose a strong core course, and turn your prep into a weekly plan.
Use the free PrepPath plannerCISA (Certified Information Systems Auditor) rewards consistent, blueprint-led practice. Start by learning the highest-weighted domains, then use practice results to rebalance your time before exam day.
How long to study
A 12-week CISA (Certified Information Systems Auditor) study plan gives most learners enough room for first-pass learning, targeted review, and at least one full practice pass. If you are already strong in the fundamentals, compress the early lessons and reserve the final weeks for weak domains and timed practice.
Blueprint breakdown
| Domain | Weight |
|---|---|
| Information Systems Auditing Process |
21%
|
| Governance and Management of IT |
17%
|
| IS Acquisition, Development & Implementation |
12%
|
| IS Operations & Business Resilience |
23%
|
| Protection of Information Assets |
27%
|
What's on the exam
Covers planning and performing IS audits to standards — risk-based audit strategy, evidence collection, sampling, and reporting findings and follow-up.
Covers IT governance and strategy, policies, organizational structure, IT management practices, and alignment of IT with business objectives.
Covers evaluating practices for acquiring, developing, testing, and implementing information systems, applications, and infrastructure.
Covers IT operations and service management, business continuity, disaster recovery, and the resilience of information systems.
Covers information-asset security — access controls, network and endpoint security, encryption, and physical and environmental protection.
Suggested timeline
This is a blueprint-led default — front-load the heaviest domains, then convert weak spots from your mock results into targeted review. The free planner turns it into exact dates.
| When | Focus |
|---|---|
| Weeks 1–6 Foundations |
Protection of Information Assets, IS Operations & Business Resilience, Information Systems Auditing Process First-pass learning on the heaviest-weighted domains: read the guide, watch the core course, and start active-recall questions. |
| Weeks 7–10 Breadth |
Governance and Management of IT, IS Acquisition, Development & Implementation Cover the remaining domains and sit your first full, timed mock to expose weak areas. |
| Weeks 11–12 Review & mocks |
Weakest domains + full mocks Re-test with timed mocks, drill the domains your scores flag, then a light rest-and-logistics day before the exam. |
Recommended prep kit
FTC affiliate disclosure: this recommendation may contain a sponsored affiliate link. PrepPath may earn a commission at no extra cost to you.
Study guideFTC affiliate disclosure: this recommendation may contain a sponsored affiliate link. PrepPath may earn a commission at no extra cost to you.
CourseFTC affiliate disclosure: this recommendation may contain a sponsored affiliate link. PrepPath may earn a commission at no extra cost to you.
GearFree PrepPath planner
Enter your exam date and weak domains, then PrepPath generates the day-by-day schedule.
FAQ
A typical CISA (Certified Information Systems Auditor) study plan takes about 12 weeks. Shorten that if you already score well on practice tests, or extend it if the official objectives are new to you.
The best course for CISA (Certified Information Systems Auditor) is one that maps lessons to the current exam domains and includes practice questions. This page recommends Masterclass - CISA Exam (Hemang Doshi, updated 2026) as the core course to review first.
Start with Protection of Information Assets, because it carries about 27% of the exam blueprint, then move through lower-weight domains while tracking weak areas.
PrepPath turns your exam date, daily study hours, and confidence by domain into a calendar you can follow, then adjusts your focus after practice scores.
Most candidates do well with about 1–2 focused hours on study days across a 12-week plan, ramping up in the final weeks for timed practice. Consistency beats marathon sessions — PrepPath spaces each domain out so you revisit it instead of cramming.
Aim for at least 2–3 full, timed mock exams: one early to set a baseline, then more in the final third of your plan. Review every wrong answer and tag the domain it came from so PrepPath can rebalance your remaining days toward your real weak spots.