Certified Information Systems Auditor
Overview
Course Objective
Upon successful completion of this course, students will be able to:
• Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
• Identify and manage information security risks to achieve business objectives.
• Create a program to implement the information security strategy.
• Implement an information security program.
• Oversee and direct information security activities to execute the information security program.
• Plan, develop, and manage capabilities to detect, respond to, and recover from information security incidents.
Who Should Attend
Prerequisites
Students taking this course should have a minimum of five years of professional information systems auditing, control, or security work experience as described in the CISA job practice domain areas:
• The Process of Auditing Information Systems
• Governance and Management of IT
• Information Systems Acquisition, Development, and Implementation
• Information Systems Operations, Maintenance and Support
• Protection of Information Assets

Module
Module 1 - The Process of Auditing Information Systems
• ISACA Information Systems Auditing Standards and Guidelines
• Fundamental Business Processes
• Develop and Implement an Information Systems Audit Strategy
• Plan an Audit
• Conduct an Audit
• The Evidence Life Cycle
• Communicate Issues, Risks, and Audit Results
• Support the Implementation of Risk Management and Control Practices
Module 2 - IT Governance and Management
• Evaluate the Effectiveness of IT Governance
• Evaluate the IT Organizational Structure and HR Management
• Evaluate the IT Strategy and Direction
• Evaluate IT Policies, Standards, and Procedures
• Evaluate the Effectiveness of Quality Management Systems
• Evaluate IT Management and Monitoring of Controls
• IT Resource Investment, Use, and Allocation Practices
• Evaluate IT Contracting Strategies and Policies
• Evaluate Risk Management Practices
• Performance Monitoring and Assurance Practices
• Evaluate the Organization’s Business Continuity Plan
Module 3 - Information Systems Acquisition, Development, and Implementation
• Evaluate the Business Case for Change
• Evaluate Project Management Frameworks and Governance Practices
• Development Life Cycle Management
• Perform Periodic Project Reviews
• Evaluate Control Mechanisms for Systems
• Evaluate Development and Testing Processes
• Evaluate Implementation Readiness
• Evaluate a System Migration
• Perform a Post-Implementation System Review
Module 4 - Information Systems Operations, Maintenance, and Support
• Perform Periodic System Reviews
• Evaluate Service Level Management Practices
• Evaluate Third-Party Management Practices
• Evaluate Operations and End User Management Practices
• Evaluate the Maintenance Process
• Evaluate Data Administration Practices
• Evaluate the Use of Capacity and Performance Monitoring Methods
• Evaluate Change, Configuration, and Release Management Practices
• Evaluate Problem and Incident Management Practices
• Evaluate the Adequacy of Backup and Restore Provisions
Module 5 - Protection of Information Assets
• Information Security Design
• Encryption Basics
• Evaluate the Functionality of the IT Infrastructure
• Evaluate Network Infrastructure Security
• Evaluate the Design, Implementation, and Monitoring of Logical Access Controls
• Risks and Controls of Virtualization
• Evaluate the Design, Implementation, and Monitoring of Data Classification Process
• Evaluate the Design, Implementation, and Monitoring of Physical Access Controls
• Evaluate the Design, Implementation, and Monitoring of Environmental Controls
FAQs
General Questions:
Q: What is the Certified Information Systems Auditor (CISA®) course about?
The CISA® course, awarded by ISACA, equips professionals to evaluate and ensure that an organization’s information systems align with its business objectives. It focuses on auditing, control, and assurance of IT systems, covering best practices, governance, security, risk management, and compliance.
Q: Who should attend this course?
This course is designed for information systems security professionals, internal auditors, and individuals involved in auditing, controlling, monitoring, and assessing IT and business systems.
Q: What are the prerequisites for this course?
Candidates should have a minimum of five years of professional experience in information systems auditing, control, or security across CISA’s five domain areas. While the course supports exam preparation, it is not sufficient alone due to the breadth of knowledge required by ISACA.
Q: How long is the course?
The course duration is 5 days.
Q: What key topics are covered in this course?
The course is structured into five modules:
Module 1: The Process of Auditing Information Systems – Covers audit strategy, standards, planning, execution, risk communication, and risk management practices.
Module 2: IT Governance and Management – Focuses on IT governance frameworks, organizational structure, strategy, policy evaluation, risk, and performance monitoring.
Module 3: Information Systems Acquisition, Development, and Implementation – Explores project governance, system development life cycle, testing, readiness, migration, and post-implementation reviews.
Module 4: Information Systems Operations, Maintenance, and Support – Includes system reviews, third-party management, service levels, change and incident management, backup processes, and data administration.
Module 5: Protection of Information Assets – Covers security design, encryption, access controls, physical and environmental controls, and infrastructure evaluation.
Q: Will I receive a certification after completing the course?
This course helps prepare for the CISA® exam. After passing the official exam and meeting ISACA’s work experience requirements, participants can earn the globally recognized CISA® certification.
Program Content & Skills:
Q: What foundational IT auditing concepts will I learn in this course?
You will learn how to define, plan, and execute information systems audits in accordance with ISACA standards and best practices. This includes developing audit strategies, conducting audits, evaluating evidence, communicating findings, and supporting risk management and control practices.
Q: How does the course prepare me to align information systems with business strategy?
The course emphasizes evaluating IT governance frameworks and ensuring that information security strategies and IT initiatives support overall business objectives. You’ll explore IT organizational structures, strategic direction, policy development, and resource allocation aligned with business goals.
Q: What skills will I develop in managing IT-enabled systems and projects?
You’ll gain expertise in evaluating system acquisition and development processes, project governance, system implementation readiness, and post-implementation reviews. Skills include analyzing business cases, overseeing development life cycles, and assessing control mechanisms and system migrations.
Q: Will I learn how to manage and mitigate information security risks?
Yes, the course provides tools to identify, manage, and mitigate information security risks. You’ll learn to evaluate security designs, implement logical and physical access controls, assess network infrastructure, and manage risk through monitoring and incident response strategies.
Q: How does the course address compliance and business continuity?
You will learn to assess compliance with laws, regulations, and internal policies, and to evaluate an organization’s business continuity and disaster recovery strategies. The course emphasizes governance structures, risk assurance practices, and the ability to maintain IT services during disruptions.