The most-recognised IT-audit credential in the world. The cert most often required for IT-audit, internal-audit-IT and audit-manager roles in MY banking, listed companies and BNM-regulated industries.
⏱Duration: 4 days / 32 hrs
💻Format: Instructor-Led + Audit Sims
🌐Delivery: On-site · Virtual · Hybrid
✅Pass rate: 94%
📅Next intake: 15 May 2026
🔍
Audit fluency
Plan, execute and report on IT audits across all 5 CISA domains
📝
Evidence + workpapers
ISACA-grade workpaper standards and audit-trail discipline
🏛
Frameworks
COBIT 2019, ISO 27001, NIST CSF, BNM RMiT mapped
📊
Findings + reporting
Defending findings to audit committees and executive sponsors
What this course is
Where IT audit stops being a checkbox exercise.
CISA is ISACA's flagship IT-audit credential. It is the cert most often required for IT-audit, internal-audit-IT, audit-manager and risk-and-controls roles at MY's banks, listed companies, GLCs, BNM-regulated industries and the Big-4 and second-tier audit firms (PwC, KPMG, EY, Deloitte, BDO, RSM).
At Nexperts, CISA is delivered as a 4-day intensive that walks all five exam domains with hands-on audit-workpaper exercises, MY-context case studies and full ISACA-style mock exams. By day 4 you've planned an IT audit, executed control testing, documented workpapers and defended findings to a simulated audit committee.
CISA is the credential that opens the audit-committee door. It is the cert most often listed in MY job ads under 'must-have' for IT-audit, IT internal-audit and senior controls-testing roles. In banking it is increasingly mandated; in BNM-regulated industries it is the de-facto standard.
The 2024+ CISA update sharpened the focus on emerging-tech audit (AI, cloud, blockchain), cybersecurity-control testing and the BNM RMiT impact on IT-audit programmes. We map every domain to MY enterprise audit reality.
Who should take this course
💼
IT auditors
Performing IT audits in banks, insurance, capital markets, telcos, GLCs.
→ Don't yet have 5 years experience? You can sit the exam first; ISACA grants the cert when experience is verified within 5 years.
Course Curriculum
Five domains. Real audit decisions.
CISA covers five exam domains: IS Audit Process (18%), Governance & Management of IT (18%), Information-Systems Acquisition / Development / Implementation (12%), IS Operations & Business Resilience (26%), and Protection of Information Assets (26%). We deliver in audit-lifecycle order with MY-context workpaper exercises.
Audit Sims
8 sprints. Real MY audit scenarios.
CISA is delivered as case-study workshops, not technical labs. By day 4 you've worked through MY-context audit scenarios across banking, insurance, telco, listed PLCs and GLCs.
01
Audit Plan
Build a risk-based audit plan for a fintech with BNM oversight.
Process
02
Workpapers
Document control-testing workpapers to ISACA standard.
Process
03
Governance Audit
Audit IT-governance maturity at a Klang Valley GLC.
Governance
04
SDLC Review
Audit a core-banking implementation project.
SDLC
05
DR Audit
Audit DR readiness for a regulated cloud workload.
Resilience
06
IAM Audit
Audit IAM controls for a banking core.
Security
07
Findings
Defend audit findings to a simulated audit committee.
Reporting
08
Quality Review
Peer-review another candidate's workpaper file.
Process
+ 8 micro-tasks across COBIT 2019, ISO 27001, BNM RMiT and ISACA audit standards.
Exam Information
One exam. CISA.
CISA has one exam. 150 questions, 4 hours, scaled scoring. You need 450 / 800 to pass.
CISA Exam
Questions150 multiple choice
Duration4 hours
Passing score450 / 800 (56%)
FormatPSI / online proctored
Validity3 years (CPE-renewable)
Industry avg pass rate~62% first attempt
Nexperts pass rate94% first attempt
Our 4-Mock Programme
01
Diagnostic
End of day 1. Sets the baseline. Average 53%.
02
Domain Drill
End of day 3. By-domain mock. Highlights weak areas.
03
Full Mock
End of day 4. Full timed simulation. 70%+ before booking.
04
Clearance
Week after class. Final clearance. 75%+ before booking.
0%
Pass Rate
94% of our CISA candidates pass on first attempt.
The ISACA global first-attempt rate for CISA sits around 62%. We hit 94% by drilling audit-judgement on real MY workpaper exercises and gating booking on a clearance mock.
BNM RMiT-mappedWorkpaper drills94% first attemptFree retake voucherISACA aligned
Why our pass rate is 94%
Industry average: ~62%
Most candidates can recite control objectives but cannot defend a finding under timer. CISA questions test audit-judgement, not memory.
Nexperts: 94%
We work workpaper exercises for 70% of class time. We drill the question patterns. We gate booking on a clearance mock. By exam day, audit-thinking is reflex.
Your Audit Path
CISA pairs with CRISC and CISM.
CISA stacks naturally with CRISC (risk lens) for a balanced GRC profile, with CISM (security-management lens), or with CGEIT for board-tier governance roles.
Expected salary range after CISA + 3 years experience: RM 9,500 – RM 16,500/month for IT-audit roles in MY banks, Big-4 firms and BNM-regulated industries.
Student Reviews
What our CISA graduates say.
4.8
★★★★★
94 reviews
5★
78%
4★
13%
3★
3%
★★★★★
"CISA at Nexperts is the right way to do this cert. The MY-context workpaper exercises were directly applicable on my first audit engagement after passing."
WL
Wong Li Ling
IT Audit Manager · Maybank
✓ Passed first attempt (664/800)
★★★★★
"Coming from operational audit, CISA reframed how I look at IT controls. The audit-committee defence drill on day 4 was the most valuable single exercise."
SS
Suresh Subramaniam
Senior IT Auditor · KPMG MY
✓ Passed first attempt (612/800)
★★★★
"Tough exam but the clearance mock told me exactly when I was ready. Cleared at 588 on first sitting. Now leading audit programmes for two banking clients."
NM
Nazirul Mahmud
Audit Manager · EY
✓ Passed first attempt (588/800)
★★★★★
"BNM RMiT mapping is the differentiator. Picked Nexperts over Iverson and zero regrets. Worth every ringgit — promoted within 6 months."
RG
Reena Gopalan
Senior Manager IT Audit · RHB Banking
✓ Passed first attempt (702/800)
Copy page link
Share this course page with your team or save the URL for later.
