CISA, CGEIT, CRISC. What is a good score in an ISACA exam?

Posted on March 11, 2015

Please note these are all my own opinions and comments, based on my experiences and results. This is not an official ISACA post in any way.

There is not a lot of information available on ISACA exam scores and what would constitute a “good” score. After I received my exam results from the most recent CISA exam (and before receiving confirmation of a placing), I thought I had done quite well and wanted an idea of just how good a score this was. I looked around and really couldn’t find much.

Many years ago ISACA used to score their exams with a simple percentage score. 75 was required to pass the exam. A number of years ago they switched to a new system, where the results are provided on a scaled score with the maximum score of 800. A scaled score of 450 or higher is required to pass, which represents the minimum consistent standard of knowledge as established by ISACA’s Exam Certification Committee (there is one for each qualification). The score represents a conversion of individually weighted raw scores based on a common scale. As such you cannot  apply a simple arithmetic mean to convert area scores to your total scaled score. (Wording from various ISACA sources).

A comment on one site that a score of over 700 was a tremendous achievement was the best I could see.  I had written two other ISACA exams over the last few years so went back and looked at those scores and I could see I had done quite a bit better this time, although I had done well in those exams too.

So for those interested, I publish my results from the last three exams.  The information below is edited from results emails received from ISACA after each of the exams in question. I am fairly sure that a “good” score would be exam dependent and vary from exam to exam and year to year. Nonetheless, take this for what it is, set yourself a lofty goal, and good luck with your studies towards achieving one of ISACA’s globally recognised and universally accepted qualifications in the space of Risk, Security, Governance and Compliance.

If you happen to be based in Durban and are planning to write the CISA exam (or one of the others), we are hosting a facilitated study group at the ITSec offices in Durban. This is a no-cost endeavour for the good of the community. Come along and join us. We had a planning session last night and will be meeting weekly from next Tuesday. Studying with a diverse bunch of your peers is a whole lot better than doing it alone. More details here : ITSec facilitated study group.

Justin J Williams

CA(SA), CISSP, MBA (UKZN), CISA(pend), CGEIT(pend),CRISC(pend)

Director, ITSec.


Exam Results : December 2014 CISA exam

We are pleased to inform you that you successfully PASSED the exam with a total scaled score of 727.Your score was in the top 5 percent of those testing. For your information, your exam results by area are provided below.


  • The Process of Auditing Information Systems: 800
  • Governance and Management of IT: 714
  • Information Systems Acquisition, Development and Implementation: 767
  • Information Systems Operations, Maintenance and Support: 615
  • Protection of Information Assets: 759

This score of 727 was ranked 1st in the World for the December 2014 CISA exam. 

As an aside, this is not the first time I had written the ISACA exam. I wrote and passed it back in 1996 with a score of 83% under the old scoring system. Why would I write it again? A little “oopsie” with CPE credits along the way meant I lost the certification at some point. Based on a new position I took late last year my new employer asked me to write the exam again.

Exam Results : June 2013 CGEIT exam

We are pleased to inform you that you successfully PASSED the exam with a total scaled score of 644.Your score was in the top 5 percent of those testing. For your information, your exam results by area are provided below.


  •  Framework for the Governance of Enterprise IT: 722
  • Strategic Management: 702
  • Benefits Realization: 615
  • Risk Optimization: 598
  • Resource Optimization: 540

This score of 644 was ranked 1st in South Africa for the June 2013 CGEIT exam. 


Exam Results: December 2012 CRISC exam

We are pleased to inform you that you successfully PASSED the exam with a total scaled score of 634. For your information, your exam results by area are provided below.

  • Risk Identification, Assessment and Evaluation: 534
  • Risk Response: 688
  • Risk Monitoring: 650
  • Information Systems Control Design and Implementation: 650
  • Information Systems Control Monitoring and Maintenance: 727

Again, congratulations on passing the CRISC exam, we look forward to having you join the more than 16,000 professionals worldwide who have earned the CRISC credential.

This score of 634 was ranked 3rd in South Africa for the December 2012 CRISC exam. 

I’m looking for staff : Security, Governance, Risk and Compliance

Posted on September 01, 2012

Six more positions are available in the Enterprise Information Security Management team at Transnet, within the IT Security, Governance, Risk and Compliance competency areas.

We have a lot of challenging but interesting work ahead of us. If you want to learn a lot, apply what you have learned, be part of a hard working and performing team, then please apply :)

  • ICT Continuity Compliance Manager
  • IT Risk and Compliance Manager
  • Information Security Subject Matter Expert
  • Information Security Analyst (SME) x 2
  • Senior Security Analyst (inc Forensic & Incident)

These positions are all based in the Johannesburg CBD (Carlton Centre) and are manager or senior consultant level positions.

External applicants must apply by submitting CVs electronically to by 16h00 on 07 September 2012. Any questions regarding the positions should be sent to

Further details for each of the positions can be found here :  (Google Plus)

We urge all our employees, clients, members of the public and our suppliers to report any kind of fraud or corruption at Transnet. Call the hotline toll free number: 0800 003 056 or email

ISACA 2012 conference happening from 10-12 September 2012, registrations open soon

Posted on June 17, 2012

The ISACA South Africa 2012 conference is happening from the 10-12 September. Diarise the dates, get those purchase requisitions in. If you are wanting to present at the conference then mail Nadine ( – the speaker lineup is being finalised shortly so hurry up to make sure you don’t miss out.

The conference is being held at the Wanderer’s Club in Illovo. It’s right next door to the Protea hotel if you need accommodation, and is also served by the Gautrain and their buses, with a bus stopping right outside the hotel gates.

Hope to see you all there.

New ISACA audit programs: Cloud computing, Crisis mgt, Infosec mgt, Active Directory, Oracle eBusiness #in

Posted on September 02, 2010

ISACA has recently made 5 new audit programs available, 4 in August and one in July, bringing the total number of available programs to 31.

These new audit programs cover :

  • Cloud Computing Management Audit/Assurance Program (Aug 2010)
  • Crisis Management Audit/Assurance Program (Aug 2010)
  • Information Security Management Audit/Assurance Program (Aug 2010)
  • Windows Active Directory Audit Program (20 Aug 2010)
  • Security, Audit and Control Features Oracle E-Business Suite, 3rd Edition – Audit programs and ICQs (July 2010)

They are all available for download on the ISACA knowledge centre website.

ISACA makes the material available at no cost as a benefit of ISACA membership. Anybody wanting to contribute material to share with fellow professionals can send it to ISACA via

Howto : Small Business IT Governance Implementation #in

Posted on August 25, 2010

One of the key challenges of IT governance is how to break it up and make it understandable and implementable for small businesses. Cost/benefit is always a key challenge and unless there is a practical sensible way that adds value to the business then IT governance is not going to work in small business.

ISACA have released a nicely put together article in their J-Online section of the website. Small Business IT Governance Implementation  by Janeane Leyer and Katelyn Quigley provides useful practical advice on how to implement. In doing so the article provides three key questions in a simple framework and discusses six critical success factors for the implementation.


The largest risks to businesses today are failure to align information technology to real business needs and failure to use information technology to create value for the business. Effectively managed IT can provide small businesses with a competitive advantage, whereas ineffective management can impair the business as a whole. With recent increases in demand for cost reduction, the need for small businesses to actively manage their IT resources has never been greater.

This article will provide an overview of IT governance, discuss the benefits to small businesses, suggest a framework for implementation in small businesses and discuss critical success factors.

Download the article here.

%d bloggers like this: