The Certified Information Systems Auditor (CISA) certification from ISACA is a globally recognized standard for professionals who audit, control, monitor, and assess an organization's information technology and business systems. CISA validates expertise in information systems auditing, governance, security, and control. It demonstrates a deep understanding of IT's relationship to business objectives, enabling professionals to effectively manage IT risks and ensure compliance.

Prerequisites

Although there are no mandatory prerequisites for this course, familiarity with fundamental IT concepts, business processes, and risk management principles is highly beneficial. Some prior exposure to audit, control, or security—whether through previous roles, academic coursework, or other certifications—will also greatly assist in understanding the course material.

Target Audience

This course is ideal for:

• IT Auditors
• Audit Managers
• Security Professionals
• IT Consultants
• Individuals responsible for IT governance, risk management, and control

Career Opportunities and Benefits

Earning the CISA certification can significantly enhance career prospects and offer numerous benefits:

• Increased earning potential
• Enhanced credibility and recognition within the industry
• Demonstrated expertise in IS audit, control, and security
• Improved career advancement opportunities
• Access to a global network of CISA professionals
• Enhanced understanding of the link between IT and business goals

Course Content

This course covers the five CISA domains as defined by ISACA:

Domain 1: Information Systems Auditing Process (21%)

• IS Audit Standards, Guidelines, and Codes of Ethics
• Business Processes
• Types of Controls
• Risk-Based Audit Planning
• Types of Audits and Assessments
• Audit Project Management
• Sampling Methodology
• Audit Evidence Collection Techniques
• Data Analytics
• Reporting and Communication Techniques

Domain 2: Governance and Management of IT (17%)

• IT Governance and IT Strategy
• IT-Related Frameworks
• IT Standards, Policies, and Procedures
• Organizational Structure
• Enterprise Architecture
• Enterprise Risk Management
• Maturity Models
• Laws, Regulations, and Industry Standards affecting the Organization
• IT Resource Management
• IT Service Provider Acquisition and Management
• IT Performance Monitoring and Reporting
• Quality Assurance and Quality Management of IT

Domain 3: Information Systems Acquisition, Development, and Implementation (12%)

• Project Governance and Management
• Business Case and Feasibility Analysis
• System Development Methodologies
• Control Identification and Design
• Testing Methodologies
• Configuration and Release Management
• System Migration, Infrastructure Deployment, and Data Conversion
• Post-implementation Review

Domain 4: Information Systems Operations and Business Resilience (23%)

• Common Technology Components
• IT Asset Management
• Job Scheduling and Production Process Automation
• System Interfaces
• End-User Computing
• Data Governance
• Systems Performance Management
• Problem and Incident Management
• Change, Configuration, Release, and Patch Management
• IT Service Level Management
• Database Management
• Business Impact Analysis (BIA)
• System Resiliency
• Data Backup, Storage, and Restoration
• Business Continuity Plan (BCP)
• Disaster Recovery Plans (DRP)

Domain 5: Protection of Information Assets (27%)

• Information Asset Security Frameworks, Standards, and Guidelines
• Privacy Principles
• Physical Access and Environmental Controls
• Identity and Access Management
• Network and End-Point Security
• Data Classification
• Data Encryption and Encryption-Related Techniques
• Public Key Infrastructure (PKI)
• Web-Based Communication Techniques
• Virtualised Environments
• Mobile, Wireless, and Internet-of-Things (IoT) Devices
• Security Awareness Training and Programs
• Information System Attack Methods and Techniques
• Security Testing Tools and Techniques
• Security Monitoring Tools and Techniques
• Incident Response Management
• Evidence Collection and Forensics