The Certified Information Systems Auditor designation of ISACA is
recognized in 150 countries, with more than 18000 candidates holding
the CISA designation.
The tasks and knowledge required of today's and tomorrow's information systems audit
professional serve as the blueprint for the CISA examination. These areas are defined through a Practice Analysis that is conducted at regular intervals and consists of both process and content components in a CISA's job function. Accordingly, exams consist of tasks that are routinely performed by a CISA and the required knowledge to perform these tasks.
Benefits of Becoming a CISA
Being recognized as a CISA brings with it a great number of professional and
organizational benefits. Successful achievement demonstrates and attests to an
individual's information systems audit expertise and indicates a desire to serve an
organisation with distinction. This expertise is extremely valuable given the changing
nature of information technology and the need to employ certified professionals who are
able to apply the most effective information systems audit, control and security
practices, and who have an awareness of the unique requirements particular to information
technology environments. Those who become CISAs join other recognized professionals
worldwide who have earned this highly sought-after professional designation.
Many employers now seek the achievement of the CISA designation as a
strong factor for employment and/or advanced promotion.
The Workshop
This four-day crash workshop has been revised and is designed to prepare candidates for the
2008 examination and to provide the opportunity to review the core knowledge required for the
examination and apply it to sample CISA questions.
It covers all six Content Areas required for the examination.
Participants are expected to have read the 2008 CISA Review manual in advance,
although this is not a prerequisite for the course.
Previous delegates on this workshop
have reported a high success rate.
Workshop Contents
Content Area 1 - IS Audit Process - 10%
Develop and implement a risk-based IS audit strategy for the
organization in compliance with IS audit standards, guidelines and best
practices.
Plan specific audits to ensure that IT and business systems are
protected and controlled.
Conduct audits in accordance with IS audit standards, guidelines and
best practices to meet planned audit objectives.
Communicate emerging issues, potential risks, and audit results to
key stakeholders.
Advise on the implementation of risk management
and control practices within the organization while maintaining
independence.
Content Area 2 - IT Governance - 15%
Evaluate the effectiveness of IT governance structure to ensure
adequate board control over the decisions, directions, and performance
of IT so that it supports the organization’s strategies and objectives.
Evaluate IT organizational structure and human resources (personnel)
management to ensure that they support the organization’s strategies and
objectives.
Evaluate the IT strategy and the process for its development,
approval, implementation, and maintenance to ensure that it supports the
organization’s strategies and objectives.
Evaluate the organization’s IT policies, standards, and procedures;
and the processes for their development, approval, implementation, and
maintenance to ensure that they support the IT strategy and comply with
regulatory and legal requirements.
Evaluate management practices to ensure compliance with the
organization’s IT strategy, policies, standards, and procedures.
Evaluate IT resource investment, use, and allocation practices to
ensure alignment with the organization’s strategies and objectives.
Evaluate IT contracting strategies and policies, and contract
management practices to ensure that they support the organization’s
strategies and objectives.
Evaluate risk management practices to ensure that the organization’s
IT related risks are properly managed.
Evaluate monitoring and assurance practices to ensure that the board
and executive management receive sufficient and timely information about
IT performance.
Content Area 3 - Systems and Infrastructure Lifecycle Management - 16%
Evaluate the business case for the proposed system
development/acquisition to ensure that it meets the organization’s
business goals.
Evaluate the project management framework and project governance
practices to ensure that business objectives are achieved in a
cost-effective manner while managing risks to the organization.
Perform reviews to ensure that a project is progressing in
accordance with project plans, is adequately supported by documentation
and status reporting is accurate.
Evaluate proposed control mechanisms for systems and/or
infrastructure during specification, development/acquisition, and
testing to ensure that they will provide safeguards and comply with the
organization’s policies and other requirements.
Evaluate the processes by which systems and/or infrastructure are
developed/acquired and tested to ensure that the deliverables meet the
organization’s objectives.
Evaluate the readiness of the system and/or infrastructure for
implementation and migration into production.
Perform post-implementation review of systems and/or infrastructure
to ensure that they meet the organization’s objectives and are subject
to effective internal control.
Perform periodic reviews of systems and/or infrastructure to ensure
that they continue to meet the organization’s objectives and are subject
to effective internal control.
Evaluate the process by which systems and/or infrastructure are
maintained to ensure the continued support of the organization’s
objectives and are subject to effective internal control.
Evaluate the process by which systems and/or infrastructure are
disposed of to ensure that they comply with the organization’s policies
and procedures.
Content Area 4 - IT Service Delivery and Support - 14%
Evaluate service level management practices to ensure that the level
of service from internal and external service providers is defined and
managed.
Evaluate operations management to ensure that IT support functions
effectively meet business needs.
Evaluate data administration practices to ensure the integrity and
optimization of databases.
Evaluate the use of capacity and performance monitoring tools and
techniques to ensure that IT services meet the organization’s
objectives.
Evaluate change, configuration, and release management practices to
ensure that changes made to the organization’s production environment
are adequately controlled and documented.
Evaluate problem and incident management practices to ensure that
incidents, problems, or errors are recorded, analyzed, and resolved in a
timely manner.
Evaluate the functionality of the IT infrastructure (e.g., network
components, hardware, system software) to ensure that it supports the
organization’s objectives.
Content Area 5 - Protection of Information Assets - 31%
Evaluate the design, implementation, and monitoring of logical
access controls to ensure the confidentiality, integrity, availability
and authorized use of information assets.
Evaluate network
infrastructure security to ensure confidentiality, integrity,
availability and authorized use of the network and the information
transmitted.
Evaluate the design, implementation, and monitoring of environmental
controls to prevent or minimize loss.
Evaluate the design, implementation, and monitoring of physical
access controls to ensure that information assets are adequately
safeguarded.
Evaluate the processes and procedures used to store, retrieve,
transport, and dispose of confidential information assets.
Content Area 6 - Business Continuity and Disaster Recovery - 14%
Evaluate the adequacy of backup and restore provisions to ensure the
availability of information required to resume processing.
Evaluate the organization’s disaster recovery plan to ensure that it
enables the recovery of IT processing capabilities in the event of a
disaster.
Evaluate the organization’s business continuity plan to ensure its
ability to continue essential business operations during the period of
an IT disruption.
Who Should Attend
The workshop is aimed at computer auditors who are familiar with the basics
of IS Auditing and wish to formalize their knowledge with an internationally
recognized qualification. It is continually updated to reflect the latest
state of the examination.
PRESENTER
The seminars will be presented by Richard Cascarino, MBA, CIA,
CISM, CFE. Richard is an international presenter of
high-quality Internal Audit professional development seminars. He is a past-president of
the IIA-SA and was the founding Southern Africa Regional Director of the IIA-Inc. He is a
visiting lecturer at the University of the Witwatersrand in South Africa. He is also the
author of the books "Internal Auditing - an Integrated Approach" and
"Auditor's Guide to Information Systems Auditing".
FEES
Seminar fee is US$ 2000 per delegate. A 5% discount will apply if there are two
or more attendees on the same seminar from the same company. This fee does not
include accommodation,