Certified Information Systems Auditor

To achieve the career path of Certified Information Security Auditor, Internal Auditor, Information Security Officer, and External Auditor.

CISA Exam Syllabus: The 5 Domains

• Domain 1: The process of auditing information systems (21%)

• Domain 2: Governance and management of IT (16%)

• Domain 3: Information systems acquisition, development, and implementation (18%)

• Domain 4: Information systems operations, maintenance and support (20%)

• Domain 5: Protection of information assets (25%)

The Process of Auditing Information Systems

The first domain covers how IT auditors provide services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.

The tasks include developing and implementing a risk-based IT audit strategy, planning and conducting the audit, and reporting findings.

Governance and Management of IT

The second domain covers how IT auditors provide assurance regarding structures and processes that are in place.

Acquisition, Development, and Implementation:

The third domain covers how IT auditors provide assurance that the practices for the acquisition, development, testing, and implementation of IS meet the organization's strategies and objectives.

IS Operations, Maintenance and Support

Provide assurance that the processes for information systems operations, maintenance, and support meet the organization's strategies and objectives, which include a periodic review of information security, an evaluation of service level management practices, end-user procedures, and a process for information system maintenance.

Protection of Information Assets

The last domain covers how IT auditors provide assurance that the organizations security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.