Information Systems & Controls (ISC) is 1 of the 3 discipline sections that candidates can select under the CPA Exam’s core-plus-discipline model. According to the CPA Exam Blueprints, the following are some specific topics covered on the ISC section of the CPA Exam:
CPA candidates who choose this discipline are likely to consider roles in System and Organization Controls (SOC), Enterprise Resource Planning (ERP) systems, data management, and internal auditing, among others. If these specialties interest you, read on to learn what to expect from the ISC CPA Exam.
How ISC Discipline Is Related to AUD Core
The ISC discipline builds on concepts introduced in the AUD CPA Exam, a core section all candidates must take. While the AUD core will test your knowledge of auditing engagements, ISC will take it a step further by assessing your knowledge and skills related to data management, including data collection, storage, and consumption across the data life cycle.
ISC CPA Exam’s Structure and Format
The ISC CPA Exam is a computer-based test consisting of 5 testlets and lasting 4 hours.
- Testlets 1 and 2 include 82 multiple-choice questions (MCQs) in total and account for 60% of the score.
- Testlets 3, 4, and 5 include 6 task-based simulations (TBS) and account for the remaining 40%.
| Question Type | Number of Questions | Score Weighting |
|---|---|---|
| MCQs | 82 | 60% |
| TBS | 6 | 40% |
Candidates must allocate time efficiently across each testlet. We recommend allocating about 1.5 minutes per MCQ, which equals approximately 60 minutes per MCQ testlet. For TBS questions, allocate about 18 minutes each. This allows you to complete all TBS testlets in 108 minutes, leaving 12 minutes to review difficult questions.
| Testlet | Question Type | Suggested Time |
|---|---|---|
| Testlet 1 | 41 MCQs | 60 Minutes |
| Testlet 2 | 41 MCQs | 60 Minutes |
| Testlet 3 | 1 TBS | 18 Minutes |
| 15-minute break (does not count toward total exam time) | ||
| Testlet 4 | 3 TBS | 54 Minutes |
| Testlet 5 | 2 TBS | 36 Minutes |
| Extra Time | 12 Minutes | |
| Total Time | 240 Minutes | |
ISC Exam Blueprint: Content Areas & Allocation
As outlined in the American Institute of Certified Public Accountants (AICPA®) blueprints, the ISC exam encompasses 3 content areas that cover advanced concepts related to information systems and controls. You can learn about each subject area and topic weight in the table below:
- Information systems
- Data management
- Regulations, standards, and frameworks
- Security
- Confidentiality and privacy
- Incident response
- Considerations specific to planning and performing a SOC engagement
- Considerations specific to reporting on a SOC engagement
Download the latest AICPA CPA Exam Blueprint
*When sitting for the ISC section of the exam, candidates should base their answers on the information provided within the question.
Skills Tested on the ISC Exam
The ISC CPA Exam uses Bloom’s taxonomy of educational objectives as a skill-set parameter. The table below depicts necessary skills to pass the ISC exam:
The ISC section of the CPA Exam evaluates information at the first 3 skill levels of Bloom’s taxonomy:
- Remembering and Understanding (55-65%): Examined across all Areas, emphasizing understanding of standards, norms, frameworks, and procedures
- Application (20-30%): Examined across all Areas, emphasizing information systems, data management, and SOC engagements
- Analysis (10-20%): Concentrated in Areas I and II, asking candidates to recognize shortcomings in the suitability or design of information system controls and variations in their functioning
ISC CPA Exam Pass Rates
| ISC CPA Exam Pass Rates | |
|---|---|
| Q1 2024 | 50.93% |
| Q2 2024 | 57.93% |
| Q3 2024 | 61.88% |
| Q4 2024 | 56.40% |
| Q1 2025 | 61.23% |
| Q2 2025 | 71.96% |
| Q3 2025 | 66.91% |
| Q4 2025 | 66.75% |
| Q1 2026 | 66.79% |
Source: https://www.aicpa-cima.com/resources/article/learn-more-about-cpa-exam-scoring-and-pass-rates
View the pass rates for each section of the CPA Exam from prior years in CPA Exam Pass Rates.
Accounting Roles Related to Information Systems & Controls
Aspiring CPAs have many career-path options, but candidates who choose to take the ISC discipline will be uniquely positioned to excel in the following accounting careers:
System and Organization Controls (SOC) is a suite of services related to the system-level controls of a service organization or the entity-level controls of other organizations. Additionally, SOC provides a compliance standard that service businesses can adopt to control how they report financial and security information to customers. SOC skills are the focus of ISC Area III, but they are also lightly tested in Areas I and II.
Advisory services in accounting involve providing guidance, solutions, and strategies to help business owners achieve their financial and operational objectives. Successful advisors understand the client’s business inside and out, including the existing systems and controls, as well as those that may need to be implemented. The skills required for advisory services are tested throughout all 3 areas of ISC.
Internal auditors assess their organization’s internal controls, corporate regulations, and accounting processes. Internal audits ensure accurate and timely financial reporting and data collection, while also ensuring adherence to relevant laws and regulations. Internal auditors also sometimes assist with providing documentation or support to the external auditors. A broad understanding of all of the content tested in ISC is valuable.
Governance is an organization’s overarching set of rules and policies establishing how it does business. Risk is any potential threat that could prevent the organization from doing its business. Compliance is making sure the organization follows all regulations and laws applicable to its business. GRC programs consolidate all these aspects into 1 cohesive system to improve efficiencies and make better business decisions. The skills needed for a career in GRC are tested throughout all of ISC.
Enterprise Resource Planning (ERP) systems effectively consolidate all a company’s information into a single uniform database. Data management through ERP enhances the efficiency of corporate processes, reduces expenses, and minimizes overhead. CPAs are responsible for maintaining and verifying the accuracy of financial and accounting data within the ERP system. They may also participate in the design, implementation, and maintenance of internal controls and financial reporting processes. ERP and data management are both specifically tested in ISC Area I.
ISC CPA Exam FAQs
What is on the ISC CPA Exam?
Is ISC harder than AUD?
How long is the ISC CPA Exam?
How do I pass the ISC CPA Exam?
How do I study for the ISC CPA Exam?
Before you start studying for the ISC, you must first create a CPA Exam study plan that fits into your lifestyle. The best study plans outline the days you will study, the material you will cover, and the activities you will complete, such as reviewing lectures and completing practice exams. You must prepare with a top-quality CPA Review course to ensure you have sufficient coverage of the content and access to practice questions that mirror the actual CPA Exam. Pay close attention to your performance metrics as you go through the material. They will help you identify your strengths and weaknesses, allowing you to focus your study efforts where they matter most.
Other CPA Exam Discipline Pages
Tax Compliance and Planning (TCP)
Learn what to expect when you take the TCP discipline of the CPA Exam, including the exam’s topics, structure, question format, and more. Additionally, explore the connection between this discipline section and the REG core section.
Business Analysis and Reporting (BAR)
Learn what to expect when you take the BAR discipline of the CPA Exam, including the exam’s topics, structure, question format, and more. Plus, see how this discipline section relates to the FAR core section.
