About the Information Systems & Controls (ISC) CPA Exam

Free eBook:
2024 CPA Exam Evolution

Learn everything you need to know about the 2024 CPA Exam Core-Plus Discipline Model, evolution timeline, recommendations and more.

The Information Systems & Controls (ISC) discipline of the CPA Exam is designed to evaluate candidates’ knowledge of IT and data governance, assurance or advisory services related to business processes, internal control testing, and information system security. It’s one of three disciplines candidates can choose from based on the CPA Exam’s core-plus-discipline model, effective January 2024. Here are some specific examples of the content covered on ISC, according to the AICPA blueprints:

ISC CPA Exam Blueprint

CPA candidates who choose this discipline are likely to consider roles in system and organization controls (SOC), ERP and data management, and internal auditing, among others. If these specialities interest you, read on to learn what to expect from the ISC CPA Exam.

The ISC CPA Exam is an extension of the AUD CPA Exam, which is a core section that all candidates must take. The objective of the CPA Evolution is to ensure that the three core sections examine candidates' foundational knowledge, while the discipline sections examine applicants’ knowledge of advanced concepts within each domain. While the AUD core will test your knowledge of auditing engagements, ISC will take it one step further by assessing your knowledge and skills related to data management, including data collection, storage, and consumption across the data life cycle.

The ISC CPA Exam’s Structure and Format

The ISC discipline features five testlets in total. Testlets 1 and 2 consist of 41 multiple-choice questions (MCQs) each, totaling 82 MCQs on the full ISC Exam. Testlets 3, 4, and 5 consist of task-based simulations (TBSs), totaling 6 on the full ISC Exam. The MCQ section accounts for 60% of your score, while the TBS section accounts for the remaining 40%.

Question Type Number of Questions Score Weighting
MCQs 82 60%
TBSs 6 40%

ISC is a computer-based test that lasts for 4 hours. As such, you’ll need to allocate your time efficiently across each testlet. We recommend spending just under 1.5 minutes on each MCQ, which results in approximately 60 minutes per MCQ testlet. For TBSs, we recommend spending about 18 minutes each, which equates to completing all TBS testlets within 108 minutes. This provides you with 12 extra minutes of cushion to work through difficult problems or double check your answers.

Testlet Question Type Suggested Time
Testlet 1 41 MCQ 60 Minutes
Testlet 2 41 MCQ 60 Minutes
Testlet 3 1 TBS 18 Minutes
15-minute break (does not count toward total exam time)
Testlet 4 3 TBS 54 Minutes
Testlet 5 2 TBS 36 Minutes
Extra Time 12 Minutes
Total Time 240 Minutes


It’s simple. See how our active-learning method will teach you the trickiest topics.

uworld cpa review course answer explanation

ISC Exam Blueprint: Content Areas & Allocation

As laid out in the AICPA blueprints, the ISC Exam includes three content areas that cover advanced concepts pertaining to information systems and controls. You can learn about each subject area and topic weight in the table below:

  • Regulations, standards, and frameworks
  • Security
  • Confidentiality and privacy
  • Incident response
  • Considerations specific to planning and performing a SOC engagement
  • Considerations specific to reporting on a SOC engagement

*When sitting for the ISC section of the exam, candidates should base their answers on the information provided within the question.

Skills Tested on the ISC Exam

The ISC CPA Exam uses Bloom's Taxonomy of Educational Objectives as a skill-set parameter. The table below depicts necessary skills to pass the ISC Exam:

The ISC section of the CPA Exam evaluates information at the first three skill levels of Bloom's Taxonomy:

  • Remembering and Understanding (55-65%): Examined across all Areas, emphasizing understanding of standards, norms, frameworks, and procedures.
  • Application (20-30%): Examined across all Areas, emphasizing information systems, data management, and SOC engagements.
  • Analysis (10-20%): Concentrated in Areas I and II, asking candidates to recognize shortcomings in the suitability or design of information system controls and variations in their functioning.

Aspiring CPAs have many career-path options, but candidates who choose to take the ISC discipline will be uniquely positioned to excel in the following accounting careers:

System and Organization Controls (SOC) is a suite of services related to the system-level controls of a service organization or the entity-level controls of other organizations. Additionally, SOC provides a compliance standard that service businesses can adopt to control how they report financial and security information to customers. SOC skills are the focus of ISC Area III, but they are also lightly tested in Areas I and II.

Advisory services in accounting entail offering advice, solutions, and strategies to assist business owners in achieving their financial and operational objectives. Successful advisors understand the client’s business inside and out, including the systems and controls already in place and those that perhaps need to be implemented. The skills needed for advisory services are tested throughout all three areas of ISC.

Internal auditors assess their organization’s internal controls, corporate regulations, and accounting processes. Internal audits preserve accurate and timely financial reporting and data collecting while ensuring adherence to laws and regulations. Internal auditors also sometimes assist with providing documentation or support to the external auditors. A broad understanding of all of the content tested in ISC is valuable.

Governance is an organization’s overarching set of rules and policies establishing how it does business. Risk is any potential threat that could prevent the organization from doing its business. Compliance is making sure the organization follows all regulations and laws applicable to its business. GRC programs consolidate all of these aspects into one cohesive system in order to improve efficiencies and make better business decisions. The skills needed for a career in GRC are tested throughout all of ISC.

Enterprise resource planning (ERP) systems effectively consolidate all of a company's information into a single uniform database. Data management via ERP increases the efficiency of corporate processes, reduces expenses, and eliminates overhead. CPAs are responsible for maintaining and verifying the accuracy of financial and accounting data within the ERP system. They may also participate in the design, implementation, and maintenance of internal controls and financial reporting processes. ERP and data management are both specifically tested in ISC Area I.

With a 94% pass rate—it works!
Reach your goals with the course that’s raising the bar in CPA Exam preparation.
UWorld Roger CPA Review mobile app displaying sample problem and rationale


The Information Systems and Controls (ISC) discipline of the CPA Exam covers topics related to IT and data governance, assurance or advisory services regarding business processes, internal control testing, and information system security.
The ISC discipline is an extension of the AUD Core Section, but their relative difficulty will depend on your comfort level with the covered topics and how well you prepare. Because ISC builds on AUD, we suggest preparing for it after you have completed AUD.
The ISC CPA Exam is a 4-hour exam consisting of 5 testlets, covering 82 multiple-choice questions and 6 task-based simulations. After the first 3 testlets, candidates are given a 15-minute break that does not count toward the total exam time.
The highest-performing CPA candidates usually prepare with a CPA Exam review course to practice ISC questions in advance and get acclimated to the ISC Exam’s testing interface. Your course should include top-rated CPA Exam practice questions that leverage a learn by doing approach. This tactic has been shown to improve student learning outcomes.
Before you start studying for ISC, you must first create a CPA Exam study plan that fits into your lifestyle. The best study plans outline the days you will study, the material you will cover, and the activities you will complete—such as reviewing lectures and completing practice exams. It’s important that you prepare with a top-quality CPA Review course to ensure you have sufficient coverage of the content and access to practice questions that mirror the actual CPA Exam. Pay close attention to your performance metrics as you go through the material. They will help you determine your strengths and weaknesses so that you can focus your study efforts where they matter most.

Other CPA Exam Discipline Pages

Tax Compliance and Planning (TCP)

Learn what to expect when you take the TCP discipline of the CPA Exam, including the exam’s topics, structure, question format, and more. Plus, see how this discipline section relates to the REG core section.

Business Analysis and Reporting (BAR)

Learn what to expect when you take the BAR discipline of the CPA Exam, including the exam’s topics, structure, question format, and more. Plus, see how this discipline section relates to the FAR core section.

Scroll to Top
Free eBook: 2024 CPA Exam Evolution