Looking for real answers here, not the "study for 3 months" advice that everyone gives.
I have 6 weeks before my scheduled (ISACA) Information Systems Audit and Control Association Certification exam date and I'm wondering if that's enough. I work full time so I can only do about 1-2 hours per night.
I've been focusing on "saca" and "saca la bolsita" practice material. Made flashcards for the stuff I keep getting wrong and doing a full practice test every weekend.
My concern is whether I'm spreading too thin. Should I drop some topics and focus on the ones with the highest weight? What are the sections that actually show up the most?
What was your actual study timeline? Not what you'd recommend — what you actually did.
Worth mentioning: the saca covers exactly the areas people tend to struggle with most.
The honest answer is: it depends a lot on your background.
If you're already working in this field, the ISACA exam is testing knowledge you probably use daily. The "saca" sections will feel familiar.
If you're coming in from outside, give yourself an extra 2 weeks and really focus on the practical application questions.
The practice tests here are worth doing repeatedly — I did the same test bank multiple times and found new questions I'd missed each time.
Appreciate everyone sharing their experience here. I'm 6 weeks out from my ISACA exam date and feeling more confident after reading this. The consensus on saca being the hardest section matches what I'm seeing in my practice scores — going to put extra time there this week.
Appreciate everyone sharing their experience here. I'm 4 weeks out from my ISACA exam date and feeling more confident after reading this. The consensus on saca being the hardest section matches what I'm seeing in my practice scores — going to put extra time there this week.
Passed my CISA six weeks ago, and honestly? Six weeks is doable if you're strategic about it. I did about the same — 1.5 hours on weeknights, longer on weekends. The thing that actually moved the needle for me was stopping the passive review and switching almost entirely to practice questions in the last two weeks. Not just doing them, but really dissecting why the wrong answers were wrong. ISACA loves to give you two answers that both seem correct, and the distinction is almost always about what an auditor recommends versus what management decides. That framing clicked late for me and I wish I'd drilled it earlier.
Domain 2 (Governance and Management of IT) and Domain 5 (Protection of Information Assets) are where people lose points they shouldn't. I was solid on the technical stuff but kept second-guessing myself on the governance questions because the right answer often feels too passive — like "report it to management" instead of "fix it." That's the ISACA mindset. Learn it, embrace it, trust it on exam day even when your gut says otherwise.
Six weeks working full-time is tight but not crazy. Just don't waste the first two weeks re-reading the CISA Review Manual cover to cover. Skim it, then get into questions fast. You'll learn more from reviewing 20 questions deeply than from reading 50 pages passively.
Related Discussions
- Passed CBA last month — here's what actually helped vs what I wasted time on6 replies
- Finally passed the CCCP last week — here's what actually moved the needle for me5 replies
- "CSC" — how important is this for the CSC exam?5 replies
- How close are ADA practice tests to the real exam? My honest review5 replies
- Anyone found good free EMS study resources besides the obvious ones?5 replies