CISA®—Certified Information Systems Auditor
CISA®—Certified Information Systems Auditor is designed for those who audit, control, monitor and assess an enterprise’s information technology and business systems.
Why you should attend
CISA is the globally recognized gold standard for IS audit, control, and assurance, in demand and valued by leading global brands. It’s often a mandatory qualification for employment as an IT auditor. CISA holders have validated ability to apply a risk-based approach to planning, executing and reporting on audit engagements.
CISAs are recognized internationally as professionals with the assurance knowledge, skills, experience and credibility necessary to leverage standards, manage vulnerabilities, ensure compliance, offer solutions, validate controls and deliver value to the enterprise. The increased dependence on technology and information ensures that CISA certification-holders will continue to be in demand for assurance and security functions.
Who should attend?
Early to mid-career professionals looking to gain recognition and enhanced credibility in interactions with internal and external stakeholders, regulators, and customers. Job roles include:
- IT Audit Directors/Managers/Consultants
- IT and Internal Auditors
- Compliance/Risk/Privacy Directors
- IT Directors/Managers/Consultants
Learning objectives
- Process of Auditing Information Systems;
- Governance and Management of IT;
- Information Systems Acquisition, Development and Implementation;
- Information Systems Operations, Maintenance and Service Management;
- Protection of Information Assets
CISA certification
To qualify for CISA, you must have 5 years of information systems auditing, control, assurance or security work experience within the past 10 years of the application submission date.
If you do not meet the 5-year experience requirement, you may opt to submit waivers for experience (up to a maximum of 3 years), as specified in the CISA application form.
Course topics
Domain 1: Information Systems Auditing Process
• IS Audit Standards, Guidelines and Codes of Ethics
• Risk-based Audit Planning
• Types of Audits and Assessments
Execution
• Data Analytics
• Reporting and Communication Techniques
• Quality Assurance and Improvement of the Audit Process
Domain 2: Governance and Management of IT, IT Governance and IT Strategy
• IT-related Frameworks
• Organizational Structure
• Laws, Regulations and Industry Standards Affecting the Organization
IT Management
• IT Resource Management
• IT Service Provider Acquisition and Management
• IT Performance Monitoring and Reporting
• Quality Assurance and Quality Management of IT
Domain 3: Information Systems Acquisition, Development and Implementation
Information Systems Acquisition and Development
• Project Governance and Management
• System Development Methodologies
• Testing Methodologies
• Post-implementation Review
Domain 4: Information Systems Operations and Business Resilience
Information Systems Operations
• System Interfaces
• Data Governance
• Systems Performance Management
• Problem and Incident Management
• Change, Configuration, Release and Patch Management
• IT Service Level Management
• Database Management
Business Resilience
• Business Impact Analysis
• Data Backup, Storage and Restoration
• Business Continuity Plan
• Disaster Recovery Plans
Domain 5: Information Asset Security Frameworks, Standards and Guidelines
• Privacy Principles
• Identity and Access Management
• Data Encryption and Encryption-related Techniques
• Web-based Communication Technologies
• Mobile, Wireless and Internet-of-things Devices
Security Event Management
• Security Awareness Training and Programs
• Information System Attack Methods and Techniques
• Security Testing and Monitoring Tools and Techniques
• Incident Response Management
• Evidence Collection and Forensics
Included in training fee
- Official ISACA training material:
Review Manual which is a comprehensive reference guide designed to help individuals prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor.
QAE (Questions, Answers & Explanations) where each question and answer set includes in-depth explanations for each answer choice, allowing the learner to fully understand the rationale behind each correct—and incorrect—answer choice.
- Examination voucher
Exam details
- Exam Duration: 4 Hours
- Exam Format: Multiple Choice
- Number of Questions: 150 Questions
For further information you can view the Exam Guide here
Trainer
Eliza Popa
I am a Diplomat Economist who has been working with CII organizations for over 30 years. Out of this tenure, 14 years have been dedicated to IT digital transformation projects and operations, followed by over 10 years in information security roles with both end-user organizations and consultancy firms. My professional certifications include CISSP, CISA, CRISC, CISM, CDPSE, CCSK v4, ITIL v3, Oracle SQL DBA, and PECB ISO/IEC 27001 Master, ISO/IEC 27002 Sr. Lead Manager, ISO/IEC 27005 Sr. Lead Risk Manager, Sr. Lead Cybersecurity Manager, CISO, Sr. Lead Cloud Security Manager, ISO/IEC 38500 Sr. Lead IT Corporate Governance Manager, ISO/IEC 20000 Sr. Lead Auditor, ISO 37301 Sr. Lead Implementer, ISO 31000 Sr. Lead Risk Manager, ISO 21502 Sr. Lead Project Manager, and ISO 9001 Sr. Lead Auditor. I provided informal training to CISA and CISSP candidates from 2016 until 2019, when I became an ISC2 Official Training Instructor for CISSP and a PECB Certified Trainer. Furthermore, in 2022 I became an ISC2 Official Training Instructor for CC and a CSA Authorized Trainer for CCSK v4 Foundation and Plus (AWS / Azure labs). My expertise and capabilities captured the attention of PECB, who, in 2023, appointed me to develop and record the eLearning training content and Skills content for ISO/IEC 27001 Lead Implementer and ISO/IEC Lead Auditor courses. https://www.linkedin.com/in/elizapopa/