Course Description
CISA is the globally recognized gold standard for IS audit, control, and assurance, in demand and valued by leading global brands. It's often a mandatory qualification for employment as an IT auditor. CISA holders have validated ability to apply a risk-based approach to planning, executing and reporting on audit engagements. This CISA training course provides you with in-depth coverage of the five CISA domains that are covered on the CISA exam. These domains include auditing information systems; IT governance and management of IT; information systems acquisition, development, and implementation; information systems operations and business resilience; and protection of information assets.
Course Outline
Domain 1 - Information System Auditing Process
Topics:
- IS Audit Standards, Guidelines, Functions, and Codes of Ethics
- Types of Audits, Assessments, and Reviews
- Risk-based Audit Planning
- Types of Controls and Considerations
- Audit Project Management
- Audit Testing and Sampling Methodology
- Audit Evidence Collection Techniques
- Audit Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of Audit Process
Domain 2 - Governance and Management of IT
Topics
- Laws, Regulations, and Industry Standards
- Organizational Structure, IT Governance, and IT Strategy
- IT Policies, Standards, Procedures, and Guidelines
- Enterprise Architecture and Considerations
- Enterprise Risk Management (ERM)
- Privacy Program and Principles
- Data Governance and Classification
- IT Resource Management
- IT Vendor Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Domain 3 - Information Systems Acquisition, Development, and Implementation
Topics:
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
- System Readiness and Implementation Testing
- Implementation Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Postimplementation Review
Domain 4 - Information Systems Operations and Business Resilience
Topics:
- IT Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces & End-user Computing and Shadow IT
- Systems Availability and Capacity Management
- Problem and Incident Management
- IT Change, Configuration, and Patch Management
- Operational Log Management
- IT Service Level Management
- Database Management
- Business Impact Analysis
- System and Operational Resilience
- Data Backup, Storage, and Restoration
- Business Continuity Plan
- Disaster Recovery Plans
Domain 5 - Protection of Information Assets
Topics:
- Information Asset Security Policies, Frameworks, Standards, and Guidelines
- Physical and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Loss Prevention
- Data Encryption
- Public Key Infrastructure (PKI)
- Cloud and Virtualized Environments
- Mobile, Wireless, and Internet-of-Things Devices
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Logs, Tools, and Techniques
- Security Incident Response Management & Evidence Collection and Forensics
Course Objectives
- Prepare for and pass the Certified Information Systems Auditor (CISA) Exam
- Develop and implement a risk-based IT audit strategy in compliance with IT audit standards
- Evaluate the effectiveness of an IT governance structure
- Ensure that the IT organizational structure and human resources (personnel) management support the organizationís strategies and objectives
- Review the information security policies, standards, and procedures for completeness and alignment with generally accepted practices
Course Prerequisites
IT professionals must have 2+ years or more of IS audit, control, assurance and security experience.
Course Information
Length: 4 day
Format: Lecture
Delivery Method: n/a
Max. Capacity: 16
Schedule
Contact Us
Do you have more questions? We're delighted to assist you!
Who Should Attend
Early to mid-career professionals looking to gain recognition and enhanced credibility in interactions with internal and external stakeholders, regulators, and customers.
Job roles include:
- IT Audit Directors/Managers/Consultants
- IT and Internal Auditors
- Compliance/Risk/Privacy Directors
- IT Directors/Managers/Consultants