IT Training

Certified Information Systems Auditor (CISA)


Course Description

The credential of a professional I.S. auditor is valuable. This course delves into the unique challenges of managing an audit and the knowledge necessary to complete the task. Information Systems auditors take up where the financial auditors do not tread - into the design and implementation effectiveness and operation effectiveness of information systems. The course will focus on general computer control, application level control auditing as well as introducing of risk based management approach.

The course is also designed to help candidates familiar with IT audit concepts and rules for regulatory compliance under Sarbanes-Oxley (corporations), Gramm-Leach-Biley & FFIEC (both financial), FISMA (government), HIPAA (medical records), SCADA (utilities) and other regulations. 

The course will also help you to become a true management consultant in IT audit field and will help you well prepared for the CISA examination, which offered by I.S. Audit and Control Association (ISACA) twice a year, one worldwide test in June and the second test in December. 

Course Overview

This instructor-led classroom training covers the CISA body of knowledge to build a working understanding of the material. The training course will cover topics such as auditor responsibilities, scope, audit charter, technical material, privacy requirements, and security requirements. Those IT audit concepts and methodologies will map directly to the requirements for CISA exam preparation. The course has updated the contents to reflect the new subject material on the 2012 exam. 

Course Delivery

  • Instructor speech
  • Group discussion & class participation
  • Questions are actively encouraged
  • Videos
  • Personal attention to YOUR individual learning needs

Teaching Strategies

A variety of teaching strategies may be utilized in this course, including but not limited to, lecture, discussion, written classroom exercises, written lab exercises, performance based lab exercises, demonstrations, quizzes and examinations. Some quizzes may be entirely or contain lab based components. 

Who Needs To Attend

The course is for those who desiring to learn IT audit methodologies, to pass CISA exam and to become CISA certified professionals. This course specifically focuses on the entire CISA knowledge requirements in a highly structured manner. The course is designed ideal for CISA candidates to review subjects normally skimmed and often missed by volunteer study and selfstudy.

Suitable for:

  • Internal and external auditors
  • Finance/CPA professionals
  • IT professionals
  • Information Security professionals

Learning Objectives

The Process of Auditing Information Systems

  • IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics and other applicable standards 
  • Risk assessment concepts, tools and techniques in an audit context 
  • Control objectives and controls related to information systems
  • Audit planning and audit project management techniques, including follow-up
  • Fundamental business processes, including relevant IT
  • Applicable laws and regulations which affect the scope, evidence collection and preservation, and frequency of audits
  • Evidence collection techniques used to gather, protect and preserve audit evidence
  • Sampling methodologies
  • Reporting and communication techniques
  • Audit quality assurance systems and frameworks

Governance and Management of IT

  • IT governance, management, security and control frameworks, and related standards, guidelines, and practices
  • The purpose of IT strategy, policies, standards and procedures for an organization and the essential elements of each Organizational structure, roles and responsibilities related to IT
  • Processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures
  • Organization’s technology direction and IT architecture and their implications for setting long-term strategic directions
  • Relevant laws, regulations and industry standards affecting the organization
  • Quality management systems
  • Maturity models
  • Process optimization techniques
  • IT resource investment and allocation practices, including prioritization criteria
  • IT supplier selection, contract management, relationship management and performance monitoring processes including third party outsourcing relationships
  • Enterprise risk management
  • Monitoring and reporting of IT performance
  • IT human resources (personnel) management practices used to invoke the business continuity plan
  • Business impact analysis (BIA) related to business continuity planning
  • The standards and procedures for the development and maintenance of the business continuity plan and testing methods

Information Systems Acquisition, Development, and Implementation

  • Benefits realisation practices
  • Project governance mechanisms
  • Project management control frameworks, practices and tools
  • Risk management practices applied to projects
  • IT architecture related to data, applications and technology
  • Acquisition practices
  • Analysis and management practices
  • Project success criteria and risks
  • Control objectives and techniques that ensure the completeness, accuracy, validity and authorization of transactions and data
  • System development methodologies and tools including their strengths and weaknesses
  • Testing methodologies and practices related to information systems development
  • Configuration and release management relating to the development of information systems
  • System migration and infrastructure deployment practices and data conversion tools, techniques and procedures
  • Post-implementation review objectives and practices

Information Systems Operations, Maintenance and Support

  • Service level management practices and the components within a service level agreement
  • Techniques for monitoring third party compliance with the organization’s internal controls
  • Operations and end-user procedures for managing scheduled and non-scheduled processes
  • Technology concepts related to hardware and network components, system software and database management systems
  • Control techniques that ensure the integrity of system interfaces
  • Software licensing and inventory practices
  • System resiliency tools and techniques
  • Database administration practices
  • Capacity planning and related monitoring tools and techniques
  • Systems performance monitoring processes, tools and techniques
  • Problem and incident management practices
  • Processes, for managing scheduled and non-scheduled changes to the production systems and/or infrastructure including change, configuration, release and patch management practices
  • Data backup, storage, maintenance, retention and restoration practices
  • Regulatory, legal, contractual and insurance issues related to disaster recovery
  • Business impact analysis (BIA) related to disaster recovery planning
  • Development and maintenance of disaster recovery plans
  • Alternate processing sites and methods used to monitor the contractual agreements
  • Processes used to invoke the disaster recovery plans
  • Disaster recovery testing methods

Protection of Information Assets

  • Techniques for the design, implementation, and monitoring of security controls, including security awareness programs
  • Processes related to monitoring and responding to security incidents
  • Logical access controls for the identification, authentication and restriction of users to authorized functions and data
  • Security controls related to hardware, system software, and database management systems
  • Risks and controls associated with virtualization of systems
  • Configuration, implementation, operation and maintenance of network security controls
  • Network and Internet security devices, protocols, and techniques
  • Information system attack methods and techniques
  • Detection tools and control techniques
  • Security testing techniques
  • Risks and controls associated with data leakage
  • Encryption-related techniques
  • Public key infrastructure (PKI) components and digital signature techniques
  • Risks and controls associated with peer-to-peer computing, instant messaging, and web-based technologies
  • Controls and risks associated with the use of mobile & wireless devices
  • Voice communications security
  • Evidence preservation techniques and processes followed in forensics investigations
  • Data classification standards and supporting procedures
  • Physical access controls for the identification, authentication and restriction of users to authorized facilities
  • Environmental protection devices and supporting practices
  • Processes and procedures used to store, retrieve, transport and dispose of confidential information assets

Equipment Needed

  • CISA Review Manual 2012, by ISACA
  • CISA Questions, Answers & Explanations 2012 CD ROM, by ISACA
  • Class handouts and supplementary reading materials, by Instructor

TPLC

1st Floor, Fon Sing Building
12 Edith Cavell Street,
Port Louis,
Mauritius

Tel: +230 213 2626
Fax: +230 207 3232
Email: info@tplc.mu