The Certified Information Systems Auditor (CISA)

Course Content

The course is aligned with ISACA and gives attendees the tools to take the official exam. It gives attendees the skillsets to govern and control enterprise IT and perform an effective security audit on any organisation. Attendees will gain expertise in the acquisition, development, testing, and implementation of information systems and learn the guidelines, standards and best practices for protecting them.

After completing this course, the student will be able to:

  • Prepare for the Certified Information Systems Auditor (CISA) exam
  • Develop and implement a risk-based IT audit strategy in compliance with IT audit standards
  • Evaluate the effectiveness of an IT governance structure
  • Ensure that the IT organisational structure and human resources (personnel) management support the organisation’s strategies and objectives
  • Review the information security policies, standards, and procedures for completeness and alignment with generally accepted practices

Course Duration

4 Days

Who is this course for?

The course is intended for professionals who have a minimum of 5 years of professional work experience in information systems auditing, control or security.

Course Syllabus

    • Risk-based IS Audit Strategy
    • Plan Audits
    • Conduct Audits - Process & Procedures
    • Conduct Audits - Important Concepts
    • Control Self-Assessments (CSA)
    • Communicate Audit Results & Follow-up
    • Evaluate the IT Strategy
    • Evaluate the IT Governance Structure
    • Evaluate the IT Organisation Structure & HR Management, IT Policies, Standards, & Procedures
    • Evaluate IT Resource Management & IT Portfolio Management
    • Evaluate Risk Management Practices & IT Management
    • Evaluate Controls & KPIs
    • Evaluate the Organisation’s BCP
    • Evaluate the Business Case for Proposed Investments
    • Evaluate the IT Supplier Selection & Contract Management Processes
    • Evaluate the Project Management Framework
    • Conduct Project Reviews
    • Virtualization & Cloud Service Provider (CSP) Architecture
    • Evaluate Controls for Information Systems during Acquisition
    • Evaluate Readiness for Implementation
    • Conduct Post-Implementation Reviews
    • Evaluate IT Service Management Framework & Practices
    • Conduct Periodic Reviews of Information Systems
    • Evaluate IT Operations & IT Maintenance
    • Evaluate Database Management Practices & Data Quality
    • Evaluate Problem & Incident Management
    • Change and Release Management Practices
    • Evaluate End User Computing & IT Continuity & Resilience
    • Disaster Recovery Testing
    • Evaluate Information Security & Privacy
    • Evaluate Physical & Environmental Controls
    • Evaluate the System & Logical Security Controls
    • Evaluate Data Classification & Information Asset Safeguards
    • Evaluate Information Security Programs