Certified Information Systems Auditor (CISA) Training Course.

Introduction

The Certified Information Systems Auditor (CISA) certification is a globally recognized credential that validates an individual’s expertise in auditing, controlling, and securing information systems. This 5-day intensive training course provides comprehensive coverage of the five domains of CISA, including information systems auditing, governance, risk management, systems acquisition, and information security. By the end of the course, participants will have the knowledge and skills necessary to prepare for the CISA certification exam and begin or advance their careers as information systems auditors.

Course Objectives

By the end of this training, participants will:

  1. Understand the fundamentals of information systems auditing and control frameworks.
  2. Gain expertise in auditing IT infrastructure, security, governance, and risk management.
  3. Learn best practices for managing the acquisition, development, and implementation of information systems.
  4. Be fully prepared to take the CISA certification exam and demonstrate proficiency in auditing and assessing IT environments.

Who Should Attend?

This course is ideal for:

  • IT auditors, internal auditors, and security professionals looking to formalize their expertise with the CISA certification.
  • Professionals working in information systems, governance, risk management, and control.
  • System administrators, risk managers, and compliance officers interested in expanding their knowledge of IT auditing.
  • Individuals seeking to advance their careers in information systems auditing and control.

Day 1: Introduction to Information Systems Auditing and Governance

  • Session 1: Overview of Information Systems Auditing

    • Understanding the role of an information systems auditor
    • Key principles of auditing: Risk-based auditing, independence, and objectivity
    • Auditing standards and frameworks (ISACA, COBIT, ISO 27001)
    • The importance of controls, policies, and procedures in IT systems auditing
  • Session 2: Governance and Management of IT

    • Corporate governance and IT governance frameworks (COBIT, ITIL)
    • Aligning IT strategy with business objectives and risks
    • Governance structures: Board of directors, executive management, and audit committees
    • Risk management frameworks and processes in information systems

Day 2: Information Systems Acquisition, Development, and Implementation

  • Session 3: Auditing IT Development and Acquisition

    • Overview of the systems development life cycle (SDLC)
    • Auditing the acquisition process: RFPs, vendor selection, and contract management
    • Assessing software development processes and methodologies
    • Auditing system implementation and project management
  • Session 4: Auditing IT Projects and Changes

    • Risk management and project governance in IT projects
    • Managing changes in IT environments and ensuring adequate controls
    • Auditing system migrations, upgrades, and patch management
    • Controls and assessments for business continuity and disaster recovery

Day 3: Information Systems Operations, Maintenance, and Support

  • Session 5: Auditing IT Operations and Infrastructure

    • IT operations: Systems and network administration, server management
    • Assessing the effectiveness of controls for data centers and networks
    • Auditing backup and recovery processes, change management, and incident response
    • Auditing disaster recovery and business continuity plans
  • Session 6: Security Controls and Auditing Access Controls

    • Overview of security management: Policies, encryption, and firewalls
    • Auditing access controls: User authentication, authorization, and identity management
    • Auditing physical security: Data centers, personnel, and environmental security
    • Risk assessment and the effectiveness of controls for data protection

Day 4: Protection of Information Assets and Risk Management

  • Session 7: Information Security Risk Management

    • Identifying and managing risks to information systems
    • Information security frameworks and standards (ISO 27001, NIST)
    • Conducting risk assessments and creating risk management strategies
    • Auditing security incidents, vulnerabilities, and threats
  • Session 8: Auditing Cybersecurity and Emerging Technologies

    • Auditing cybersecurity defenses: Network security, intrusion detection/prevention
    • Security operations centers (SOC) and incident response management
    • Auditing cloud security and virtualization technologies
    • Risks and controls for emerging technologies: IoT, AI, blockchain

Day 5: Auditing Techniques, Exam Preparation, and Best Practices

  • Session 9: Performing an Information Systems Audit

    • Key audit techniques and procedures: Data sampling, interviews, and walkthroughs
    • Audit evidence and documentation: Gathering, evaluating, and reporting audit findings
    • Effective communication with stakeholders: Reporting and presenting audit results
    • Understanding the importance of audit trails and maintaining documentation
  • Session 10: Preparing for the CISA Exam

    • Review of CISA exam domains and question formats
    • Practice exam questions and case studies to test understanding
    • Exam-taking strategies: Time management, understanding question formats, and tips for success
    • Final Q&A session to address participant queries and ensure exam readiness

Date

Jun 16 - 20 2025

Time

8:00 am - 6:00 pm

Duration

5 Days

Location

Dubai