While the exam is less difficult than it is commonly perceived to be, thousands of candidates fail to clear the exam on their first attempt. Experts point at a number of reasons this happens:

• Students with a technical or technological background often grapple with governance and auditing concepts. While technical knowhow is important, the ability to audit and manage IT Security processes is a must for the CISA exam.
• At the other end of the spectrum, aspirants from audit and accounting backgrounds are excellent in these areas, but struggle with the technical aspects of the exam. Students from such backgrounds would need to understand the concepts and core objectives of the curriculum.
• Many experienced students insist upon following their own approach to tackling difficult questions and scenarios on the CISA exam, eschewing the standard approach prescribed by ISACA.