Annual CPE Audit 


ISACA’s CPE audit is conducted annually to evaluate an individual’s compliance with modern certification guidelines. These guidelines are set in place to confirm ISACA certification holders maintain proficiency in their given designations. The annual audit assists us in preserving the integrity of knowledge within our global network of professionals. More information regarding your Continuing Professional Education (CPE) Policy can be found under the My Certifications tab, located in your ISACA profile.

Submitting Documentation

Documentation should be in one of the following forms:

  1. Verification of Attendance Form
  2. Certificate of completion/attendance
  3. Verified confirmation letter
  4. Independent proof of completion

Compliant Documentation should include:

  • Your name as the attendee/presenter
  • Name of the sponsoring organization
  • Title of activity and description
  • Date of the activity
  • The number of Continuing Professional Education (CPE) hours awarded or detailed event duration.

Non-Compliant Documentation often includes:

  • Event registration information/receipts
  • Calendar invites or screenshots
  • Slideshow presentations

Examples of Compliant and Non-Compliant Documentation:

If you are unable to provide compliant documentation, you may utilize the Verification of Attendance Form.

Once you have gathered all CPE supporting and compliant documentation inclusive of the requirements stated above, keep the originals for your records and submit PDF copies via our support page following these easy steps:

  • Visit our support page at
  • Select Certifications & Certificate Programs
  • Select CPE Audit
  • Complete all required fields
  • Include “Response to Audit Request” in the subject line
  • Attach documentation

Annual CPE Audit Timeline

  • The deadline to submit complete and accurate support documentation for CPE hours reported in the 2018 calendar year is Friday, 2 August 2019.

Audit Selection Criteria

The audit selection process is as follows:

  • Must be an ISACA certificate holder for at least one of the four core certifications:
    • CISA
    • CISM
    • CGEIT
    • CRISC
  • Must have been certified on or during the calendar year of 2018
  • Auditees are chosen at random

Your CPE Audit Process Resources by Certification

CISA Audit Resources CISM Audit Resources

For additional languages, please tap here.
Additional languages can be found on the right-hand side of the web page under the “CPE Policy” section.

For additional languages, please tap here
Additional languages can be found on the right-hand side of the web page under the “CPE Policy” section.

CGEIT Audit Resources CRISC Audit Resources

Frequently Asked Questions

Q. What is the selection criteria of ISACA’s Annual CPE Audit?

A. CISA, CISM, CRISC, and CGEIT Certification holders who have reported CPE hours for the year prior are randomly selected for the audit. Certification holders who retired their certification during the audited year or who were audited in the prior 2 years for the same certification will be waived from the audit.

Q. I was previously audited for my CPE. Why am I being audited again?

A. As the audit selection process is random, it does not exclude individuals who have been selected in previous years. For this reason, a person may be selected multiple times.

Example 1: A customer with 2 certifications may be audited on consecutive years, but only for the CPEs reported for the certification that was not audited in the prior year.
Example 2: A customer with 2 certifications may be audited on CPEs reported for both certifications in the same year, but only if they were not audited in the prior 2 years.

Q. I do not have compliant documentation for the CPE that I reported (because my laptop crashed; my documents were stored on a machine with my previous employer; I lost the documentation; etc.). How should I proceed?

A. We suggest that you contact the sponsoring organizations for the activities you attended for duplicate CPE certificates or other proof of attendance.

Q. I cannot obtain compliant documentation to support the CPE hours and/or I added CPE hours for an activity that is not yet completed. What will happen?

A. CPE hours should only be added after an activity is completed and you have compliant documentation for the activity. If you cannot produce compliant documentation for the activity you will not be able to claim the activity for the CPE audit and your CPE audited hours will be reduced or updated accordingly. Please note that when your hours are reduced you will still need to be able to meet your annual and/or three-year cycle requirements in order to be compliant with the audit. If the reduction makes you short of the CPE requirement(s) then your certification will be subject to revocation.

For an extensive list of FAQs, please visit CPE Audit FAQs.

If after using these resources you have additional questions regarding the Annual CPE Audit Process, contact the ISACA Customer Experience Center.

  • Visit to chat with one of our agents or to submit an inquiry (please select “Certifications & Certificate Programs”, then “CPE Audit”)
  • Call +1.847.660.5505 (hours of operation are Monday – Friday, 7AM – 5PM CDT)