Certified Information Systems Auditor (CISA)

Course Content

Information Systems Audit Process:
Developing a risk-based IT audit strategy
Planning specific audits
Conducting audits to IS audit standards
Implementation of risk management and control practices

IT Governance and Management:
Effectiveness of IT Governance structure
IT organisational structure and human resources (personnel) management
Organisation’s IT policies, standards and procedures
Adequacy of the Quality Management System
IT management and monitoring of controls
IT resource investment
IT contracting strategies and policies
Management of organisations IT related risks
Monitoring and assurance practices
Organisation business continuity plan

Information Systems Acquisition, Development and Implementation:
Business case development for IS acquisition, development, maintenance and retirement
Project management practices and controls
Conducting reviews of project management practices
Controls for requirements, acquisition, development and testing phases
Readiness for information systems
Project Plan Reviewing
Post Implementation System Reviews

Information Systems Operations, Maintenance and Support:
Conduct periodic reviews of organisations objectives
Service level management
Third party management practices
Operations and end-user procedures
Process of information systems maintenance
Data administration practices to determine the integrity & optimisation of databases
Use of capacity and performance monitoring tools & techniques
Problem and incident management practices
Change, configuration and release management practices
Adequacy of backup and restore provisions
Organisation’s disaster recovery plan in the event of a disaster

Protection of Information Assets:
Information security policies, standards and procedures
Design, implementing, monitoring of system and logical security controls
Design, implementing, monitoring of data classification processes and procedures
Design, implementing, monitoring of physical access and environmental controls
Processes and procedures to store, retrieve, transport and dispose of information assets

CISA Examination

The CISA exam is booked separately through ISACA
It is carried out three times a year during the months of June, September & December
The exam consists of 200 multiple-choice questions within a 4-hour time limit
Exam scores are scaled to 800
The pass mark is 450/800

What is CISA?

CISA (Certified Information Systems Auditor) is a globally recognised certification for Information Systems Auditing and Security professionals. As the requirements for certification include at least five years’ work in the field, CISA is a proof of both knowledge and experience in IS/IT auditing.
CISA is provided by ISACA, a non-profit independent association for IT governance professionals which provides knowledge and best practices for the industry, as well as a range of professional, globally recognised certifications.