r/isaca

I am honestly really undecided on this questions right now. I am trying to decide if I want to take the AAIR or the CRISC exam next? I am really up in the air about it because I already have the AAISM and the CISM certifications but I want one that revolves around Risk as well since I am already working in that field as well.

I have looked at some of the CRISC exam questions that are already out there and I am scoring around a 80% on them right now without any studying. So I know if I study it I can pass it in a relatively short amount of time. While the AAIR is a relatively new exam I feel that I would do well in that as well.

So I am honestly kind of stuck right now and am looking for some help to decide

Finally ready to post my journey.

Started in January 2026.

CISA earned on 23 January 2026

CRISC earned on 10 April 2026

CISM earned on 8 May 2026

Never say you can't and always be ready to learn and grow. I have over 20 years in Cybersecurity and over 15 years in GRC. Still growing and learning every day

Just got my result, hope y'all pass!

First time taking the beta exam with ISACA, and don't quite understand how they released the beta exam result so late but finally it came in.

I have given my cisa exam yesterday but unfortunately couldn't clear. Just wanted to know can I book my exam now as slots are very less for my centre or I can do that after 30 days only?

Has anyone took the AAIR exam. I passed the AAIS’ in Jan. Wondering if it’s worth. Was the studying much different?

Nobody talks about the real cost of another ISACA cert.
Yes, the exam fee is rough. Yes, study materials cost more than they should. But the part that actually stings? Time.
To prep properly you’re giving up nights, weekends, side projects, family hours. That’s not a small ask. For a lot of us, opportunity cost dwarfs the exam fee.
What gets me is the loyalty math doesn’t work. You’d think ISACA would discount more or subsidize members who are already certified people who’ve proven commitment to the profession and are trying to go deeper. Instead it’s the same rate whether you’re brand new or a multi-cert vet.
I get that orgs sometimes cover it. Mine doesn’t for this one. So I’m sitting here doing the full calculation: exam fee + materials + supplemental training + the hours I’m not billing or building and wondering if the credential ROI actually pencils out.
Anyone else running this math? Curious how people are justifying the investment when it comes out of pocket.

I really thought I was going to be stuck in this cycle forever. Failing twice (Sept and Dec) was a huge hit to my ego and my bank account. I just passed last weekend and wanted to share what actually worked, because honestly, most of the study materials out there for this cert are trash.

1st attempt: ISACA Official QAE & Review Manual This route is pricey. The QAE is $249 for members ($349 for non-members) and the Review Manual is another $89 ($105 for non-members). The manual is fine for basic concepts, but it isn't enough to pass on its own. As for the QAE, it helps you get a feel for the exam format, but there are only ~220 questions. Since the pool is so small, I ended up just memorizing the answers instead of actually understanding the logic.

2nd attempt: Udemy An okay, cheaper option ($14/month), but the questions weren't great for actual prep. The answers are very obvious—the long answers were correct most of the time. While it’s cheap, it didn’t challenge me and the explanations were kind of whack.

3rd attempt: DailyDebits AAIA Prep This was the turning point. It was $12 for a month, which was the cheapest option I found (there’s a $36 lifetime one, but honestly just get the sub and cancel after you pass). This had 5 practice exams with 450 questions total. It actually covers the mathematics and scenario-based questions that you don’t really see in the official QAE. The explanations for every choice were actually helpful and way more similar to what I saw on the actual exam today.

My biggest takeaway: If you're struggling with the technical side, don't sleep on the math. That's what killed me the first two times!

Good luck to everyone still in the trenches. You've got this!

I have 3 years of experience in IT specifically cyber security (vulnerability management and soc), I am looking to switch into GRC and I was thinking of getting CISA certified. But the experience requirements are 5 years in auditing or security.

I have 3 years in security and I have completed my bachelors in BTech Computer Science Engineering.

Since my bachelor’s is in relevant field can it waiver 2 years or will it waiver 1 year?

I need better clarity on this before I decide to invest in this certification. Any guidance would be greatly appreciated!

Is ISACA AAISM official review manual worth it? What is the best way to prepare for the exam? I did not have good experience with AAIA review manual and QAE database hence unable to trust again.

When it comes to the QAE expert level questions, are we expected to get those right consistently?

I ask because many of those questions feel intentionally tricky, almost like they are designed to trip you up. A lot of the time, it feels hard to answer with real confidence because more than one option can seem reasonable depending on how you interpret the scenario.

Honestly, it makes me nervous about taking the exam, because it has me wondering if every question on the actual exam will feel like an expert-level question. Has anyone else felt this way, or am I overthinking it?