ISACA CISA

Certified Information Systems Auditor is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organisation’s information technology and business systems.

CISA certification is foundational to a successful IT career. If you are an entry-level to mid-career professional, CISA can showcase your expertise and assert your ability to apply a risk-based approach to planning, executing and reporting on audit engagements. 

Gain instant credibility in your interactions with internal stakeholders, regulators, external auditors, and customers.

What Delegates Will Learn:

• The course utilises the official ISACA CISA preparation course material, going through each of the 5 CISA Domains:
• •Information System Auditing Process
• •Governance and Management of IT
• •Information Systems, Acquisition, Development and Implementation
• •Information Systems Operations and Business Resilience
• •Protection of Information Assets

Module Outline:

• Domain 1 — Information System Auditing Process
• •Plan an audit to determine whether information systems are protected, controlled, and provide value to the organisation.
• •Conduct an audit in accordance with IS audit standards and a risk-based IS audit strategy.
• •Communicate audit progress, findings, results and recommendations to stakeholders.
• •Conduct audit follow-up to evaluate whether the risk has been sufficiently addressed.
• •Evaluate IT management and monitoring of controls.
• •Utilise data analytics tools to streamline audit processes.
• •Provide consulting services and guidance to the organisation in order to improve the quality and control of information systems.
• •Identify opportunities for process improvement in the organisation’s IT policies and practices.
•  
• Domain 2 – Governance & Management of IT
•  
• •Evaluate the IT strategy for alignment with the organisation’s strategies and objectives.
• •Evaluate the effectiveness of IT governance structure and IT organizational structure.
• •Evaluate the organisation’s management of IT policies and practices.
• •Evaluate the organisation’s IT policies and practices for compliance with regulatory and legal requirements.
• •Evaluate IT resource and portfolio management for alignment with the organisation’s strategies and objectives.
• •Evaluate the organisation’s risk management policies and practices.
• •Evaluate IT management and monitoring of controls.
• •Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
• •Evaluate whether IT supplier selection and contract management processes align with business requirements.
• •Evaluate whether IT service management practices align with business requirements.
• •Conduct periodic reviews of information systems and enterprise architecture.
• •Evaluate data governance policies and practices.
• •Evaluate the information security program to determine its effectiveness and alignment with the organisation’s strategies and objectives.
• •Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices
•  
•  
• Domain 3 – Information Systems Acquisition, Development, & Implementation
• •Evaluate whether the business case for proposed changes to information systems meets business objectives.
• •Evaluate the organisation’s project management policies and practices.
• •Evaluate controls at all stages of the information systems development life cycle.
• •Evaluate the readiness of information systems for implementation and migration into production.
• •Conduct post-implementation review of systems to determine whether project deliverables, controls and requirements are met.
• •Evaluate change, configuration, release, and patch management policies and practices.
•  
• Domain 4 – Information Systems Operations and Business Resilience
• •Evaluate the organisation’s ability to continue business operations.
• •Evaluate whether IT service management practices align with business requirements.
• •Conduct periodic reviews of information systems and enterprise architecture.
• •Evaluate IT operations to determine whether they are controlled effectively and continue to support the organisation’s objectives.
• •Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organisation’s objectives.
• •Evaluate database management practices.
• •Evaluate data governance policies and practices.
• •Evaluate problem and incident management policies and practices.
• •Evaluate change, configuration, release, and patch management policies and practices.
• •Evaluate end-user computing to determine whether the processes are effectively controlled.
•  
• Domain 5 – Protection of Information Assets
• •Conduct audits in accordance with IS audit standards, and a risk-based IS audit strategy.
• •Evaluate problem and incident management policies and practices.
• •Evaluate the organisation’s information security and privacy policies and practices.
• •Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
• •Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
• •Evaluate data classification practices for alignment with the organisation’s policies and applicable external requirements.