Facts about the CISA CPE renewal process
In the field of information security systems, degree diplomas are no longer sufficient to land the desired employment and pay. Employers prefer to work with individuals who possess the CPE (continuing professional education) credits required for their certifications. Since these businesses consider CPE credits to be beneficial for professionals to develop and upgrade their skills. CISA Certification is provided by ISACA to monitor and protect the security system of an organization. This certificate also necessities earning CPE credits to renew it every three years. CPE further helps professionals to gain cybersecurity skills and stay updated in this discipline. Moreover, individuals with CISA CPE credits are more likely to receive higher salaries and hold more prestigious positions than the average worker.
Why CPE Credits are important for the CISA Certificate?
CPE stands for Continuing Professional Education, which includes management and technical training for IS evaluation and for enhancing audit, security, or control abilities. The CISA Certificate is valid for three years as ISACA has established specific procedures for renewing it. Candidates must pay the renewal fee and earn CPE Credits to maintain. The CPE program's goal is to ensure that CISAs retain their level of expertise in monitoring, evaluating, and regulating Information Systems (IS). It enables the technical department's professionals to deliver the necessary IT services, such as cloud computing and cyber security, to fulfill the organization's objectives.
What are the CISA CPE guidelines?
ISACA mandates that CISA professionals acquire a minimum of 20 CPE hours yearly and a minimum of 120 hours during a three-year period. They must document their CPE activities and submit their CPE hours. Additionally, certification holders are required to pay a CPE maintenance fee of USD 85 for non-members and USD 45 for members each year. There are a few other prerequisites for maintaining the certification in addition to obtaining CPE credits. The following are the requirements for CISA professionals:
- Comply with the annual CPE audit if selected
- Adhere to ISACA’s Professional Code of Ethics
- Agree to abide by ISACA’s auditing standards for information technology
CISA Certified professionals who fail to comply with the CPE policy will have their credentials revoked.
How to report CISA CPE?
CISA professionals must create an appeal for submission after obtaining CPE credits successfully. They must record their CPE credits on the ISACA website to begin the renewal process.
- Candidates should log in to their profile on the ISACA website
- Click on the certifications and CPE management tab
- Click on the report and manage CPE button
- Click on to add new CPE record button
- Fill out the details of the CPE activity. This includes a title or description of the event, the sponsoring organization, a start and end date from when it was earned, and the appropriate qualifying activity.
- Enter the number of CPE earned for the CISA Certificate.
- Click save and close (or) save and add more if professionals have additional CPE to report.
Candidates must submit their application for renewal before the certification's expiration date since there are few options for renewal after that period.
How to calculate CISA CPE credits?
According to the CISA policy, for both qualifying and non-qualifying ISACA professional education programs and meetings, one CPE hour is awarded for fifty (50) minutes of active participation (excluding meals and breaks).
CPE hours can be earned in quarter-hour increments and can be reported in quarter hours, rounded to the nearest quarter-hour. For example, a CISA will be qualified for 7.75 CPE hours if they attend an eight-hour presentation (480 minutes) with 90 minutes of breaks. The table below provides an example of this:
| Study Activity | Hours Spent | Minutes Spent |
| 9:00 a.m. – 5:00 p.m. | 8.0 | 480 |
| Subtract: Two 15-minute breaks | 0.50 | 30 |
| Subtract: Lunch (1 hour) | 1 | 60 |
| Total hours spent on an activity | 6.5 | 390 |
CPE Hours are calculated by dividing the total of 390 minutes spent studying by 50 minutes, which results in 7.8 or 7.75 (rounded to the nearest quarter hour) CPE hours.
What is CISA CPE audit?
Every year, ISACA conducts a CPE audit to assess an individual's compliance with modern certification requirements. It is conducted for preserving the integrity of knowledge within the global network of professionals. If selected, CISA professionals are required to submit written documentation of previously reported activities that satisfy the requirements outlined in the Qualifying Professional Education Activities. The acceptability of hours for certain professional educational activities will be decided by the CISA Certification Committee. CISA Certification of those who refuse to comply with the audit will be canceled.
Compliant Documentation:
The following details should be included in one document for compliance documentation:
- Professionals name as the attendee/presenter
- Name of the sponsoring organization
- Title of activity and description
- Date of the activity
- The number of Continuing Professional Education (CPE) hours awarded or detailed event duration
- Verifier signature, stamp, or other third-party attestation of completion
CISA professionals may use the verification of attendance form if they are unable to provide compliant documentation. A representative from the sponsoring organization or someone who is aware of their attendance, such as a manager, should sign it.
Non-Compliant Documentation:
Non-Compliant Documentation often includes:
- Event registration information/receipts
- Calendar invites or screenshots
- Slideshow presentations
- Email attendance confirmation without duration or CPE hours earned
Is there any exception for obtaining CPE?
CISA professionals are no longer obliged to complete CPE hours if they leave their profession due to retirement age or disability. Professionals who apply for non-practicing CISA status (i.e., those who are no longer employed in the fields of IS audit, control, or security) are exempt from the CPE requirement but are still required to pay the annual maintenance fee.
The CISA Certification is very marketable and will elevate professionals to the top candidates for employers. Therefore, professionals who hold a CISA should make sure to keep it current and renew it every three years. Earning CPE ensures that professionals maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control, and security.
Individuals possessing the certification are adept at estimating both probabilities of identified threat sources taking actions and those completing them. Training teaches them to prepare an inventory of all software and devices present in the physical infrastructure of organizations or cloud environments. This helps them present to organizations their available range of IT assets. Certified professionals provide the framework for regular tracking of organizational software and hardware assets.
The certification empowers individuals to prepare a document containing procedures for removable media usage. Such professionals are responsible for appointing owners for the respective IT assets in the inventory. They ensure accountability and responsibility throughout the IT asset life cycle. Besides, training educates them in regularly performing secure configuration of IT systems. Such professionals make sure that non-vendor supported applications, operating systems, and devices are removed.