Certified Information Systems Auditor® (CISA®) («CAM»)

Gain practical expertise in IT auditing, governance, risk management, system development, and operations. CISA® training prepares you specifically for certification and the effective use of control and audit procedures.
Duration: 4 days
Price: 4'900.–
Course documents: Official ISACA® course materials
Price information: The course price includes an exam voucher worth CHF 500.

Course facts

  • Learning to plan and conduct audits in accordance with ISACA guidelines and standards and communicate results convincingly
  • Developing a risk-based audit strategy, collecting evidence in a systematic manner, and making targeted use of data analysis
  • Reflecting on audit quality and conducting follow-ups to verify the implementation of your own recommendations
  • Understanding IT governance structures, frameworks (COBIT, COSO, etc.) and role-based responsibilities
  • Evaluating business processes, policies and organization in terms of maturity, resource management and IT QA
  • Developing recommendations for improving IT governance in line with corporate objectives
  • Assessing how IT systems are acquired, developed, and implemented, and whether they meet corporate strategy and requirements
  • Analyzing project management methods (e.g., SDLC, Agile), outsourcing/sourcing decisions, and testing strategies
  • Supporting the organization with feasibility analyses, system testing, and post-implementation follow-ups
  • Reviewing IT operational processes, infrastructure, and service management, as well as their impact on business continuity
  • Designing and auditing emergency and disaster recovery plans, as well as business impact analyses
  • Supporting the organization in responding quickly and effectively in the event of a crisis
  • Evaluating security policies, standards, and controls to ensure confidentiality, integrity, and availability
  • Developing measures for auditing information security (e.g., access controls, encryption, logging)
  • Supporting the organization in establishing effective protection for critical information assets

Domain 1: Information System Auditing Process

  • IS Audit Standards, Guidelines, Functions, and Codes of Ethics
  • Types of Audits, Assessments, and Reviews
  • Risk-based Audit Planning
  • Types of Controls and Considerations
  • Audit Project Management
  • Audit Testing and Sampling Methodology
  • Audit Evidence Collection Techniques
  • Audit Data Analytics
  • Reporting and Communication Techniques
  • Quality Assurance and Improvement of Audit Process

Domain 2: Governance and Management of IT

  • Laws, Regulations, and Industry Standards
  • Organizational Structure, IT Governance, and IT Strategy
  • IT Policies, Standards, Procedures, and Guidelines
  • Enterprise Architecture and Considerations
  • Enterprise Risk Management (ERM)
  • Privacy Program and Principles
  • Data Governance and Classification
  • IT Resource Management
  • IT Vendor Management
  • IT Performance Monitoring and Reporting
  • Quality Assurance and Quality Management of IT

Domain 3: Information Systems Acquisition, Development, and Implementation

  • Project Governance and Management
  • Business Case and Feasibility Analysis
  • System Development Methodologies
  • Control Identification and Design
  • System Readiness and Implementation Testing
  • Implementation Configuration and Release Management
  • System Migration, Infrastructure Deployment, and Data Conversion
  • Postimplementation Review

Domain 4: Information Systems Operations and Business Resilience

  • IT Components
  • IT Asset Management
  • Job Scheduling and Production Process Automation
  • System Interfaces
  • End-user Computing and Shadow IT
  • Systems Availability and Capacity Management
  • Problem and Incident Management
  • IT Change, Configuration, and Patch Management
  • Operational Log Management
  • IT Service Level Management
  • Database Management
  • Business Impact Analysis
  • System and Operational Resilience
  • Data Backup, Storage, and Restoration
  • Business Continuity Plan
  • Disaster Recovery Plans

Domain 5: Protection of Information Assets

  • Information Asset Security Policies, Frameworks, Standards, and Guidelines
  • Physical and Environmental Controls
  • Identity and Access Management
  • Network and End-Point Security
  • Data Loss Prevention
  • Data Encryption
  • Public Key Infrastructure (PKI)
  • Cloud and Virtualized Environments
  • Mobile, Wireless, and Internet-of-Things Devices
  • Security Awareness Training and Programs
  • Information System Attack Methods and Techniques
  • Security Testing Tools and Techniques
  • Security Monitoring Logs, Tools, and Techniques
  • Security Incident Response Management
  • Evidence Collection and Forensics

The course consists of interactive training in the form of presentations and group exercises.

Depending on your learning style, exam preparation requires an additional 10-20 hours of study outside of class.

The course is aimed at professionals and managers from IT management, IT security, IT operations, security consulting, auditing, project management, and compliance who deal with the compliance of information systems and want to thoroughly prepare for the CISA® certification exam.

Ideal for IT auditors, auditors, security officers, risk managers, and compliance specialists who want to systematically evaluate IT systems and controls. CISA® certification underpins and strengthens your professional competence.

There are no formal admission requirements for attending the course.

The requirements for official ISACA® certification are:

1 Passing the CISA® exam

  • The exam can be taken without professional experience.
  • After passing, certification must be applied for within 5 years.

2 Proof of at least five years of professional experience in IS/IT audit, control, or security

  • This experience must have been gained within the last ten years prior to application or within five years of passing the exam.

3 Coverage of at least one or more CISA® domains

  • Professional experience must relate to activities that can be assigned to relevant content from the following five CISA® domains:
    • Information System Auditing
    • Governance and Management of IT
    • IS Acquisition, Development, and Implementation
    • IS Operations and Business Resilience
    • Protection of Information Assets

4 Possibility of crediting alternative qualifications

  • Up to three years of professional experience can be replaced by certain qualifications or degrees (e.g., university degree, other certifications – details on the ISACA® website).

5 Verifiability of professional experience

  • Professional experience must be confirmed by a superior or authorized body.

6 Submitting the application for certification to ISACA®

  • Online application or PDF form
  • Payment of an application fee of currently USD 50

7 Agreement to the ISACA® Code of Professional Ethics

  • Commitment to adhere to professional ethical principles and standards of conduct

8 Compliance with Continuing Professional Education (CPE) requirements

  • After certification: annual continuing education requirement and proof of compliance to maintain certification

Exam format:

  • 150 multiple-choice questions
  • Duration: 4 hours (240 minutes)
  • Location: online with remote proctoring or at an authorized test center
  • Language: available in several languages (you specify the language when registering for the exam)
  • Aids: none

© ISACA. All rights reserved.

CISA® is a registered trademark of ISACA®.
