CISA

New 2009 CISA Preparation Programme

The Qualification

The Certified Information Systems Auditor designation of the ISACA is recognized in 150 countries, with more than 18000 candidates holding the CISA designation.

The tasks and knowledge required of today's and tomorrow's information systems audit professional serve as the blueprint for the CISA examination. These areas are defined through a Practice Analysis that is conducted at regular intervals and consists of both process and content components in a CISA's job function. Accordingly, exams consist of tasks that are routinely performed by a CISA and the required knowledge to perform these tasks.

Benefits of Becoming a CISA

Being recognized as a CISA brings with it a great number of professional and organizational benefits. Successful achievement demonstrates and attests to an individual's information systems audit expertise and indicates a desire to serve an organisation with distinction. This expertise is extremely valuable given the changing nature of information technology and the need to employ certified professionals who are able to apply the most effective information systems audit, control and security practices, and who have an awareness of the unique requirements particular to information technology environments. Those who become CISAs join other recognized professionals worldwide who have earned this highly sought after professional designation.

Many employers now seek the achievement of the CISA designation as a strong factor for employment and/or advanced promotion.

The Workshop

This four-day crash workshop is revised and designed to prepare candidates for the 2008 examination and provide the opportunity to review the core knowledge required for the examination and apply this to sample CISA questions. It covers all six Content Areas required for the examination.

Participants are expected to have read the 2008 CISA Review manual in advance, although this is not a prerequisite for the course.

Previous delegates on this workshop have reported a high success rate.

Workshop Contents

Content Area 1 - IS Audit Process - 10%

  • Develop and implement a risk-based IS audit strategy for the organization in compliance with IS audit standards, guidelines and best practices.
  • Plan specific audits to ensure that IT and business systems are protected and controlled.
  • Conduct audits in accordance with IS audit standards, guidelines and best practices to meet planned audit objectives.
  • Communicate emerging issues, potential risks, and audit results to key stakeholders.
  • Advise on the implementation of risk management and control practices within the organization while maintaining independence.

Content Area 2 - IT Governance - 15%

  • Evaluate the effectiveness of IT governance structure to ensure adequate board control over the decisions, directions, and performance of IT so that it supports the organization’s strategies and objectives.
  • Evaluate IT organizational structure and human resources (personnel) management to ensure that they support the organization’s strategies and objectives.
  • Evaluate the IT strategy and the process for its development, approval, implementation, and maintenance to ensure that it supports the organization’s strategies and objectives.
  • Evaluate the organization’s IT policies, standards, and procedures; and the processes for their development, approval, implementation, and maintenance to ensure that they support the IT strategy and comply with regulatory and legal requirements.
  • Evaluate management practices to ensure compliance with the organization’s IT strategy, policies, standards, and procedures.
  • Evaluate IT resource investment, use, and allocation practices to ensure alignment with the organization’s strategies and objectives.
  • Evaluate IT contracting strategies and policies, and contract management practices to ensure that they support the organization’s strategies and objectives.
  • Evaluate risk management practices to ensure that the organization’s IT related risks are properly managed.
  • Evaluate monitoring and assurance practices to ensure that the board and executive management receive sufficient and timely information about IT performance.

Content Area 3 - Systems and Infrastructure Lifecycle Management - 16%

  • Evaluate the business case for the proposed system development/acquisition to ensure that it meets the organization’s business goals.
  • Evaluate the project management framework and project governance practices to ensure that business objectives are achieved in a cost-effective manner while managing risks to the organization.
  • Perform reviews to ensure that a project is progressing in accordance with project plans, is adequately supported by documentation, and that status reporting is accurate.
  • Evaluate proposed control mechanisms for systems and/or infrastructure during specification, development/acquisition, and testing to ensure that they will provide safeguards and comply with the organization’s policies and other requirements.
  • Evaluate the processes by which systems and/or infrastructure are developed/acquired and tested to ensure that the deliverables meet the organization’s objectives.
  • Evaluate the readiness of the system and/or infrastructure for implementation and migration into production.
  • Perform post-implementation review of systems and/or infrastructure to ensure that they meet the organization’s objectives and are subject to effective internal control.
  • Perform periodic reviews of systems and/or infrastructure to ensure that they continue to meet the organization’s objectives and are subject to effective internal control.
  • Evaluate the process by which systems and/or infrastructure are maintained to ensure the continued support of the organization’s objectives and are subject to effective internal control.
  • Evaluate the process by which systems and/or infrastructure are disposed of to ensure that they comply with the organization’s policies and procedures.

Content Area 4 - IT Service Delivery and Support - 14%

  • Evaluate service level management practices to ensure that the level of service from internal and external service providers is defined and managed.
  • Evaluate operations management to ensure that IT support functions effectively meet business needs.
  • Evaluate data administration practices to ensure the integrity and optimization of databases.
  • Evaluate the use of capacity and performance monitoring tools and techniques to ensure that IT services meet the organization’s objectives.
  • Evaluate change, configuration, and release management practices to ensure that changes made to the organization’s production environment are adequately controlled and documented.
  • Evaluate problem and incident management practices to ensure that incidents, problems, or errors are recorded, analyzed, and resolved in a timely manner.
  • Evaluate the functionality of the IT infrastructure (e.g., network components, hardware, system software) to ensure that it supports the organization’s objectives.

Content Area 5 - Protection of Information Assets - 31%

  • Evaluate the design, implementation, and monitoring of logical access controls to ensure the confidentiality, integrity, availability and authorized use of information assets.
  • Evaluate network infrastructure security to ensure confidentiality, integrity, availability and authorized use of the network and the information transmitted.
  • Evaluate the design, implementation, and monitoring of environmental controls to prevent or minimize loss.
  • Evaluate the design, implementation, and monitoring of physical access controls to ensure that information assets are adequately safeguarded.
  • Evaluate the processes and procedures used to store, retrieve, transport, and dispose of confidential information assets.

Content Area 6 - Business Continuity and Disaster Recovery - 14%

  • Evaluate the adequacy of backup and restore provisions to ensure the availability of information required to resume processing.
  • Evaluate the organization’s disaster recovery plan to ensure that it enables the recovery of IT processing capabilities in the event of a disaster.
  • Evaluate the organization’s business continuity plan to ensure its ability to continue essential business operations during the period of an IT disruption.

Who Should Attend

The workshop is aimed at computer auditors who are familiar with the basics of IS Auditing and wish to formalize their knowledge with an internationally recognized qualification. It is continually updated to reflect the latest state of the examination.

PRESENTER

The seminars will be presented by Richard Cascarino, MBA, CIA, CISM, CFE. Richard is an international presenter of high-quality Internal Audit professional development seminars. He is a past-president of the IIA-SA and was the founding Southern Africa Regional Director of the IIA-Inc. He is a visiting lecturer at the University of the Witwatersrand in South Africa. He is also the author of the books "Internal Auditing - an Integrated Approach" and "Auditor's Guide to Information Systems Auditing".

FEES

Seminar fee is US$ 2000 per delegate. A 5% discount will apply if there are two or more attendees on the same seminar from the same company. This fee does not include accommodation,

  Booking Request Form  

mail to: info@rcascarino.com