Annual CPE Audit

Compliant Documentation should include all of the following pieces of information within one document, whenever possible:

• Your name as the attendee/presenter
• Name of the sponsoring organization
• Title of activity and description
• Date of the activity
• The number of Continuing Professional Education (CPE) hours awarded or detailed event duration
• Verifier signature, stamp, or other third-party attestation of completion

Documentation should be in one of the following forms:

1. Verification of Attendance Form
2. Certificate of completion/attendance
3. Verified confirmation letter
4. Independent proof of completion

Non-Compliant Documentation often includes:

• Event registration information/receipts
• Calendar invites or screenshots
• Slideshow presentations
• Email attendance confirmation without duration or CPE hours earned

Examples of Compliant and Non-Compliant Documentation:

• Examples of Compliant Documentation
• Examples of Non-Compliant Documentation

If you are unable to provide compliant documentation, you may utilize the Verification of Attendance Form and have it signed by an authorized individual either from the sponsoring organization or who is aware of your attendance, such as your manager.

Once you have gathered all CPE supporting and compliant documentation inclusive of the requirements stated above, keep the originals for your records and submit PDF copies by replying to your audit email, if selected.

Annual CPE Audit Timeline
Notification of the audit of 2023 CPE hours will be sent the week of Monday, 3 June 2024.

The deadline to comply with this year’s audit is Friday, 26 July 2024.

Audit Selection Criteria
The audit selection process is as follows:

• Must be an ISACA certificate holder for at least one of the five core certifications:
  • CISA
  • CISM
  • CGEIT
  • CRISC
  • CDPSE
• Must have been certified on or during the calendar year under audit
• Auditees are chosen at random regardless of number or CPE category reported

1. What is the selection criteria of ISACA’s Annual CPE Audit?

CISA, CISM, CRISC, CGEIT, and CDPSE Certification holders who have reported CPE hours for the year prior are randomly selected for the audit. Certification holders who retired their certification during the audited year will be waived from the audit.

2. I was previously audited for my CPE. Why am I being audited again?

As the audit selection process is random, it does not exclude individuals who have been selected in previous years. For this reason, a person may be selected multiple times.

3. I do not have compliant documentation for the CPE that I reported (because my laptop crashed; my documents were stored on a machine with my previous employer; I lost the documentation; etc.). How should I proceed?

We suggest that you contact the sponsoring organizations for the activities you attended for duplicate CPE certificates or other proof of attendance.

We will also accept a completed Verification of Attendance form signed by your manager if they are aware of your attendance at a qualified event or your completion of a qualified activity.

4. I cannot obtain compliant documentation to support the CPE hours and/or I added CPE hours for an activity that is not yet completed. What will happen?

CPE hours should only be added after an activity is completed and you have compliant documentation for the activity. If you cannot produce compliant documentation for the activity you will not be able to claim the activity for the CPE audit and your CPE audited hours will be reduced or updated accordingly. Please note that when your hours are reduced you will still need to be able to meet your annual and/or three-year cycle requirements in order to be compliant with the audit. If the reduction makes you short of the CPE requirement(s) then your certification will be subject to revocation.

Click here for an extensive list of FAQs related to the CPE audit.

If after using these resources you have additional questions regarding the Annual CPE Audit Process, contact the ISACA Customer Experience Center.