CISA is to audit what CPA and CA are to accounting. CISAs are recognized internationally as professionals with the knowledge, skills, experience, and credibility to leverage standards, manage vulnerabilities, ensure compliance, offer solutions, institute controls and deliver value to the enterprise. CISA job practice analysis has been completed by ISACA. This analysis resulted in a new CISA job practice which reflects the vital and evolving responsibilities of IT auditors. The new CISA job practice was effective beginning with the CISA exam administration in June 2011. For purposes of these statements, the terms "enterprise" and "organization" or "organizational" are considered synonymous.

The job practice domains and task and knowledge statements are as follows:

1. Domain 1—The Process of Auditing Information Systems (14%)
2. Domain 2—Governance and Management of IT (14%)
3. Domain 3—Information Systems Acquisition, Development and Implementation (19%)
4. Domain 4—Information Systems Operations, Maintenance and Support (23%)
5. Domain 5—Protection of Information Assets (30%)