Certified Information Systems Auditor

Overview:

This 4-day course provides you the knowledge you need to pass the Certified Information Systems Auditor exam and achieve professional CISA certification. CISA is a valuable and much sought-after certification in the marketplace, demonstrating evidence of knowledge and expertise in Information Systems auditing, control and security.

Course Contents

Information Systems Audit Process:

• Developing a risk-based IT audit strategy
• Planning specific audits
• Conducting audits to IS audit standards
• Implementation of risk management and control practices

IT Governance and Management:

• Effectiveness of IT Governance structure
• IT organisational structure and human resources (personnel) management
• Organisation’s IT policies, standards and procedures
• Adequacy of the Quality Management System
• IT management and monitoring of controls
• IT resource investment
• IT contracting strategies and policies
• Management of organisations IT related risks
• Monitoring and assurance practices
• Organisation business continuity plan

Information Systems Acquisition, Development and Implementation:

• Business case development for IS acquisition, development, maintenance and retirement
• Project management practices and controls
• Conducting reviews of project management practices
• Controls for requirements, acquisition, development and testing phases
• Readiness for information systems
• Project Plan Reviewing
• Post Implementation System Reviews

Information Systems Operations, Maintenance and Support:

• Conduct periodic reviews of organisations objectives
• Service level management
• Third party management practices
• Operations and end-user procedures
• Process of information systems maintenance
• Data administration practices to determine the integrity & optimisation of databases
• Use of capacity and performance monitoring tools & techniques
• Problem and incident management practices
• Change, configuration and release management practices
• Adequacy of backup and restore provisions
• Organisation’s disaster recovery plan in the event of a disaster

Protection of Information Assets:

• Information security policies, standards and procedures
• Design, implementing, monitoring of system and logical security controls
• Design, implementing, monitoring of data classification processes and procedures
• Design, implementing, monitoring of physical access and environmental controls
• Processes and procedures to store, retrieve, transport and dispose of information assets