CPA Exam · ISC — Information Systems & Controls (Discipline)
Isc Overview
ISC — Information Systems and Controls: Overview Exam: CPA — Certified Public Accountant Section: ISC — Information Systems and Controls (Discipline) Last Updated: 2026-06-26 --- ## Key Takeaways - ISC is one of three Discipline sections; candidates choose one of BAR, ISC, or TCP. - ISC is 4 hours, with 82 MCQs and 6 TBSs — the most MCQ-heavy Discipline. - Content is largely new to the CPA exam (not repackaged from BEC); expect to study topics that feel unfamiliar. - Core focus: IT governance, information security, data management, and SOC reporting. - Best fit for candidates with IT audit, internal controls, or systems advisory backgrounds. --- ## What ISC Tests ISC assesses whether a CPA can evaluate and advise on information systems, IT controls, and privacy/security frameworks — skills increasingly demanded of CPAs in audit, advisory, and compliance roles. Topics span: - IT governance frameworks and how they align with business objectives - Security controls: physical, logical, network, and application-level - Data management: databases, data integrity, analytics infrastructure - SOC engagements: SOC 1, SOC 2, SOC 3 — understanding and reporting on controls at service organizations - Privacy regulations: GDPR, CCPA, and sector-specific requirements - Network architecture and its relevance to audit and control testing --- ## Content Area Weight Distribution | Content Area | Approximate Weight | |---|---| | IT governance and IT general controls (ITGCs) | 25–35% | | Security controls and risk management | 20–30% | | Network architecture and technology environments | 10–20% | | Data management, analytics, and cloud | 10–20% | | SOC engagements and reporting | 15–25% | Note: Confirm against current AICPA Blueprint at aicpa.org. --- ## Key Topics by…
Keep reading: Isc Overview
Unlock the full CPA Exam course — every lesson, the AI tutor, and full mock exams.