Should an IT Auditor Take the CPA Exam?

Kurian Elakatt

Systems Intern

January 18, 2017

“Should I take the CPA exam or the CISA exam to get into IT Audit?” This is a question I often hear from potential new hires and interns alike. Both certifications are great to have and will benefit you in the long term. So my response to that question is usually something along the lines of “Why not both?” After all, it never hurts to have additional relevant certifications under your belt.


CISA credentials can supplement CPA credentials by increasing the scope of auditing proficiencies. If an accountant enters numbers into a spreadsheet to prepare a financial statement, the CPA verifies the accuracy of the numbers and calculations. The CISA looks beyond the data itself to verify that the network is secure enough to prevent unauthorized users from accessing and potentially altering the numbers or calculations.


While CPAs learn auditing techniques, auditing is not a primary focus of the certification. That’s because not all CPAs are auditors. CISAs, on the other hand, are auditors specifically trained to assess policies, processes and technology systems. Also, CISAs focus on data and assess the integrity of the technology framework used by financial professionals whereas CPAs focus on financial numbers. However, when CPAs do perform audits, they assess the integrity of financial accounting processes.


Trying to decide which certification you should go for is a personal choice. It really depends on where you see yourself in five or ten years. Both are great certifications to have, but only you can decide which path would benefit you the most – even if that means going for both.