The complete guide to the ISC CPA Exam

7 min read
Information Systems and Controls

At the beginning of 2024, the AICPA launched a completely updated CPA Exam, CPA Evolution, to ensure that newly licensed CPAs have the skills necessary for modern public accounting. The new CPA Exam consists of three Core exams all candidates must pass, plus one of three Discipline Exams chosen by the candidate. Learn more about the ISC CPA Exam to see if this Discipline is the right choice for you, as well as how to prepare and pass!

Table of contents

  1. What is the ISC CPA Exam?
  2. ISC Exam Content and Format 
  3. ISC CPA Exam content outline
  4. When should I take ISC? 
  5. Should I choose ISC as my Discipline?
  6. How is the ISC exam scored?
  7. ISC CPA Exam study tips


Download our FREE 2024 CPA Exam Guide

What is the ISC CPA Exam?

CPA Exam

Core exam sections

All three are required 

Discipline exam sections

Candidates choose one







Auditing & Attestation

Financial Accounting & Reporting

Taxation & Regulation

Business Analysis & Reporting

Information Systems & Controls

Tax Compliance & Planning


The Information Systems and Controls (ISC) section of the CPA Exam tests a candidate’s knowledge and ability to apply skills in information technology (IT) audit and advisory, SOC engagements, security and privacy, and data management and information systems.

ISC is one of the three Discipline sections that candidates may choose to take to complete their CPA Exam requirements. Those who choose this Discipline over the other two will be interested in diving deeper into accounting information technology, data governance and privacy considerations, and internal organization controls. Passing the ISC CPA Exam will ensure that these candidates possess the expert knowledge required to continue advancing their careers in these specializations.

Updates to the ISC CPA Exam

The ISC CPA Exam is a newly created section, born from CPA Evolution launched in January 2024. These updates restructured the CPA Exam into six sections:

  • Three (3) Core sections required for all candidates: 
    • Financial Accounting and Reporting (FAR) 
    • Auditing and Attestation (AUD) 
    • Taxation and Regulation (REG)
  • One (1) Discipline section that candidates choose from three options: 
    • Business Analysis and Reporting (BAR) 
    • Information Systems and Controls (ISC) 
    • Tax Compliance and Planning (TCP)


With CPA Evolution, one section of the CPA Exam, Business Environment and Concepts (BEC) was removed. Some of the content on the ISC CPA Exam comes from BEC, some from the original AUD exam, but much of it is new material to support the accounting industry’s quickly evolving technological landscape.

ISC CPA Exam format and content

The ISC CPA Exam is a four-hour test, consisting of 82 multiple choice questions (MCQs) and six (6) task-based simulations (TBSs).

These are broken up across 5 “testlets":

  • Testlet 1: 41 MCQs
  • Testlet 2: 41 MCQs
  • Testlet 3: 1 TBS
  • Testlet 4: 3 TBSs
  • Testlet 5: 2 TBSs

The exam is organized into three content areas: 

  1. Information systems and data management: 35-45%
  2. Security, confidentiality, and privacy: 35-45%
  3. Considerations for System and Organization Controls (SOC) engagements: 15-25%

It's worth noting that ISC Is an extension of AUD, going more in-depth on the fundamentals tested in this Core section. For example, while AUD tests auditing, ISC asks deeper questions on related, but more specialized, topics like management across the data life cycle.

ISC CPA Exam skills

The CPA Exam uses Bloom’s Taxonomy of Education Objectives to define the skillsets that candidates must demonstrate. While there are four skill levels in total, only the first three are tested on ISC: 

  • Remembering and Understanding (55-65%): Demonstrate comprehension of concepts, standards, norms, and procedures 
  • Application (20-30%): Highlighting the use of concepts and best practices as related to all three content areas 
  • Analysis (10-20%): Interpreting real-life scenarios to identify errors, propose solutions, and deduce results from the data provided

ISC CPA Exam content outline

Area I: Information Systems and Data Management (35-45%) 

  • Information systems 
    • IT infrastructure 
    • Enterprise and accounting information systems 
    • System availability 
    • Change management 
  • Data management 

Area II: Security, Confidentiality, and Privacy (35 – 45%) 

  • Regulations, standards, and frameworks 
  • Security 
    • Threats and attacks 
    • Mitigation 
    • Testing 
  • Confidentiality and privacy 
  • Incident response 

Area III: Considerations for System and Organization Controls (SOC) Engagements (15 – 25%) 

  • Considerations specific to planning and performing an SOC engagement 
  • Considerations specific to reporting on an SOC engagement

When should I take the ISC CPA Exam? 

We recommend taking the CPA Exam sections in this order if you choose ISC: 

  1. FAR
  2. AUD
  3. ISC
  4. REG

Or, this is another good option: 

  1. FAR
  2. REG
  3. AUD
  4. ISC

We recommend FAR first because it provides much of the foundational accounting information so it's a good option to start with. Since ISC topics extend from AUD, it makes sense to take ISC directly after taking the AUD CPA Exam, allowing you to start first with a strong foundation on these topics, then deepening your knowledge in preparation for ISC. 

Should I choose ISC as my Discipline?

If you need a bit of insight into choosing your Discipline, National Instructor Mike Potenza shares the three questions you should ask yourself to choose the right one!

If you're interested in how information technology, security, and data management relate to accounting and finance, taking the ISC CPA Exam may be the right choice for you. When you pass this section of the CPA Exam, you'll be able to demonstrate skills related to:

  • Business processes 
  • Information systems 
  • Information security 
  • IT audits 
  • System and Organization Controls (SOC) engagements 

With this proven knowledge and expertise, job opportunities include: 

  • Financial data manager 
  • Financial analyst 
  • Engineer of finance data 
  • Financial data scientist 
  • Chief Information Officer (CIO) or Chief Technology Officer (CTO)
  • IT auditor 

It’s important to note that which Discipline section you take is not reflected on your CPA license, allowing you the flexibility to switch focus or pursue other specializations if you decide that this area isn’t right for you. You can take ISC with the intention to work in financial data, but later decide to pursue career opportunities in a different field that more closely aligns with other newly discovered interests. 

Not sure which Discipline is right for you? Take our 4-question quiz to find out! 


How is the ISC CPA Exam scored?

The ISC CPA Exam, like all CPA Exam sections, is scored on a scale of 0 to 99. You must earn a minimum of 75 across all 82 MCQs and six TBSs to pass. Each question is rated according to its difficulty and how much of the question you’ve answered correctly.

The best test-taking strategy encourages you to answer all questions—even if you’re unsure of the answer—because you do not lose points for incorrect answers, and you may earn partial credit on task-based simulations that have multiple components.

ISC is unique in that MCQs and TBSs are weighted differently: MCQs weigh 60 percent of your exam score, while TBSs weigh 40 percent. All other CPA Exam sections distribute the scoring evenly at 50 percent for both MCQs and TBSs.

ISC CPA Exam pass rate

The AICPA released the latest CPA Exam pass rates in June 2024. Although the numbers range from TCP at an impressive 82.36 percent pass rate, all the way to FAR at 41.92 percent, 50.93 percent of students passed ISC2.

50.93% of students passed the ISC CPA Exam, according to the latest scores released from AICPA in June 2024. 

But don't get discouraged! Becker provides the guidance, study materials, and support to fully prepare students for exam success. Now that the ISC section has been integrated into the CPA Exam, our content is updated to help you enter exam day with full confidence. 

ISC CPA Exam study tips

Studying for the ISC CPA Exam may seem daunting, but it's easier to set yourself up for success by following some simple tips: 

Create a routine

Whether you're an early-morning riser or do best in the evenings, it's important to create—and stick to—a schedule that prioritizes your study sessions.

Practice MCQs

It's necessary to be comfortable facing both MCQs and TBSs, but MCQs are weighted slightly higher in the ISC exam. Be extra-confident in your MCQ strategy.

Get tech savvy

ISC is all about technology and data in the accounting world and best practices when using these tools to better the industry. Prioritize topics that are heavily weighted on this exam and be sure to follow a study guide that dives deep into these concepts.

Be accountable

Whether you have a study partner or enroll in a CPA Exam study program, find an effective way to keep yourself accountable to study daily, follow your plan, and stay focused on important content. 

Find a great CPA Exam prep course

Sometimes, all you really want is guidance to know what to study, a path to stay focused, and experts who can curate exactly what you need to know, formatted in the way you like to learn. This is why a great CPA study course is vital to exam success. 

Pass the ISC CPA Exam with Becker

Becker wants you to succeed when you take ISC. To help you, we've poured our resources into creating study materials and convenient tools that are updated, engaging, and backed by our pass guarantee policy

Try Becker FREE for 14 days

If you want to see how Becker gets you Exam Day ReadySM, get a free 14-day trial of our leading CPA Exam Review, including our lecture videos, digital textbooks, study planner, and more!


Related articles

Now Leaving

You are leaving the website. Once you click “continue,” you will be brought to a third-party website. Please be aware, the privacy policy may differ on the third-party website. Adtalem Global Education is not responsible for the security, contents and accuracy of any information provided on the third-party website. Note that the website may still be a third-party website even the format is similar to the website.