Certified Information Systems Auditor Training Course (CISA)

This 4-day course provides you the knowledge you need to pass the Certified Information Systems Auditor exam and achieve professional CISA certification. CISA is a valuable and much sought-after certification in the marketplace, demonstrating evidence of knowledge and expertise in Information Systems auditing, control and security.

Prerequisites:

• Anybody looking to achieve CISA certification can attend this course and undertake the CISA exam.
• To apply for CISA certification, you must have a minimum of five years of professional information systems auditing, control or security work experience. 
• If you do not have this experience, not to worry – you can do the course, pass the exam and gain the experience later, as long as it is achieved within a period of ten years. See ISACA for details.

Course Content:

• Information Systems Audit Process:
• Developing a risk-based IT audit strategy
• Planning specific audits
• Conducting audits to IS audit standards
• Implementation of risk management and control practices
• IT Governance and Management:
• Effectiveness of IT Governance structure
• IT organisational structure and human resources (personnel) management
• Organisation’s IT policies, standards and procedures
• Adequacy of the Quality Management System
• IT management and monitoring of controls
• IT resource investment
• IT contracting strategies and policies
• Management of organisations IT related risks
• Monitoring and assurance practices
• Organisation business continuity plan
• Information Systems Acquisition, Development and Implementation:
• Business case development for IS acquisition, development, maintenance and retirement
• Project management practices and controls
• Conducting reviews of project management practices
• Controls for requirements, acquisition, development and testing phases
• Readiness for information systems
• Project Plan Reviewing
• Post Implementation System Reviews
• Information Systems Operations, Maintenance and Support:
• Conduct periodic reviews of organisations objectives
• Service level management
• Third party management practices
• Operations and end-user procedures
• Process of information systems maintenance
• Data administration practices to determine the integrity & optimisation of databases
• Use of capacity and performance monitoring tools & techniques
• Problem and incident management practices
• Change, configuration and release management practices
• Adequacy of backup and restore provisions
• Organisation’s disaster recovery plan in the event of a disaster
• Protection of Information Assets:
• Information security policies, standards and procedures
• Design, implementing, monitoring of system and logical security controls
• Design, implementing, monitoring of data classification processes and procedures
• Design, implementing, monitoring of physical access and environmental controls
• Processes and procedures to store, retrieve, transport and dispose of information assets