Certified Information Systems Auditor (CISA)

Course Overview

The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals.

Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable to assess vulnerabilities, report on compliance and institute controls within the enterprise.

Enhance your career by earning CISA—world-renowned as the standard of achievement for those who audit, control, monitor and assess information technology and business systems

Course Schedule

Request Group Training

Target Audience

CISA is designed for:

IS/IT Auditors

IS/IT Consultants

IS/IT Audit Managers

Security Professionals

Non-IT Auditors

Course Prerequisites

A minimum of 5 years of professional information systems auditing, control or security work experience (as described in the CISA job practice areas)

Expected Accomplishments

At the end of this course, you will:

Gain a better understanding of IS audit and assurance guidelines and standards.
Develop a working knowledge of the five domains of CISA.
Learn the strategies utilized by successful CISA exam takers

Course Outline

The course covers all five of the CISA domains, and each section corresponds directly to the CISA job practice.

The job practice domains and task and knowledge statements are as follows:

Domain 1—The Process of Auditing Information Systems (21%)
Domain 2—Governance and Management of IT (16%)
Domain 3—Information Systems Acquisition, Development and Implementation (18%)
Domain 4—Information Systems Operations, Maintenance and Service Management (20%)
Domain 5—Protection of Information Assets (25%)

Domain 1 — The Process of Auditing Information Systems

Domain 1 Workbook: Knowledge Statements, Tasks Statements, Glossary & Notes
Risk-based IS Audit Strategy
Plan Audits
Conduct Audits
- Process & Procedures
- Important Concepts
Control Self-Assessments (CSA)
Communicate Audit Results & Follow-up
Domain 1 Case Study Activity

Domain 2 – Governance & Management of IT

Domain 2 Workbook: Knowledge Statements, Tasks Statements, Glossary & Notes
Evaluate the IT Strategy
Evaluate the IT Governance Structure
Evaluate the IT Organization Structure & HR Management, IT Policies, Standards, & Procedures
Evaluate IT Resource Management & IT Portfolio Management
Evaluate Risk Management Practices & IT Management
Evaluate Controls & KPIs
Evaluate the Organization’s BCP
Domain 2 Case Study Activity

Domain 3 – Information Systems Acquisition, Development, & Implementation

Domain 3 Workbook: Knowledge Statements, Tasks Statements, Glossary & Notes
Evaluate the Business Case for Proposed Investments
Evaluate the IT Supplier Selection & Contract Management Processes
Evaluate the Project Management Framework
Conduct Project Reviews
Virtualization & Cloud Service Provider (CSP) Architecture
Evaluate Controls for Information Systems during Acquisition
Evaluate Readiness for Implementation
Conduct Post-Implementation Reviews
Domain 3 Case Study Activity

Domain 4 – Information Systems Operations, Maintenance, & Service Management

Domain 4 Workbook: Knowledge Statements, Tasks Statements, Glossary & Notes
Evaluate IT Service Management Framework & Practices
Conduct Periodic Reviews of Information Systems
Evaluate IT Operations & IT Maintenance
Evaluate Database Management Practices & Data Quality
Evaluate Problem & Incident Management
Change and Release Management Practices
Evaluate End User Computing, & IT Continuity & Resilience
Disaster Recovery Testing
Domain 4 Case Study Activity

Domain 5 – Protection of Information Assets

Domain 5 Workbook: Knowledge Statements, Tasks Statements, Glossary & Notes
Evaluate Information Security & Privacy
Evaluate Physical & Environmental Controls
Evaluate the System & Logical Security Controls
Evaluate Data Classification & Information Asset Safeguards
Evaluate Information Security Programs
Domain 5 Case Study Activity