Test / Exam: Certified Information Systems Auditor (CISA) exam voucher (CISA_EXAMEN)
- Price: DKR5,050.00
- Code: CISA_EXAMEN
Description
Certified Information Systems Auditor® (CISA®) is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization's IT and business systems.
If you are a mid-career professional, CISA can showcase your expertise and assert your ability to apply a risk-based approach to planning, executing and reporting on audit engagements.
After ordering, you will receive an email from Global Knowledge within 2 working days with a voucher code and registration instructions.
NB: This voucher can only be purchased if the candidate has previously purchased/attended the preparation course (ILT or E-Learning) at Global Knowledge: CISAU "CISA®, Certified Information Systems Auditor® + Practice Questions (QAE)"
Further Information
Objectives
Supporting Tasks
1. Plan an audit to determine whether information systems are protected, controlled, and provide value to the organization.
2. Conduct audits in accordance with IS audit standards and a risk-based IS audit strategy.
3. Apply project management methodologies to the audit process.
4. Communicate and collect feedback on audit progress, findings, results, and recommendations with stakeholders.
5. Conduct post-audit follow up to evaluate whether identified risk has been sufficiently addressed.
6. Utilize data analytics tools to enhance audit processes.
7. Evaluate the role and/or impact of automatization and/or decision-making systems for an organization.
8. Evaluate audit processes as part of quality assurance and improvement programs.
9. Evaluate the IT strategy for alignment with the organization's strategies and objectives.
10. Evaluate the effectiveness of IT governance structure and IT organizational structure.
11. Evaluate the organization's management of IT policies and practices, including compliance with legal and regulatory requirements.
12. Evaluate IT resource and project management for alignment with the organization's strategies and objectives.
13. Evaluate the organization's enterprise risk management (ERM) program.
14. Determine whether the organization has defined ownership of IT risk, controls, and standards.
15. Evaluate the monitoring and reporting of IT key performance indicators (KPIs) and IT key risk indicators (KRIs).
16. Evaluate the organization's ability to continue business operations.
17. Evaluate the organization's storage, backup, and restoration policies and processes.
18. Evaluate whether the business cases related to information systems meet business objectives.
19. Evaluate whether IT vendor selection and contract management processes meet business, legal, and regulatory requirements.
20. Evaluate supply chains for IT risk factors and integrity issues.
21. Evaluate controls at all stages of the information systems development life cycle.
22. Evaluate the readiness of information systems for implementation and migration into production.
23. Conduct post-implementation reviews of systems to determine whether project deliverables, controls, and requirements are met.
24. Evaluate whether effective processes are in place to support end users.
25. Evaluate whether IT service management practices align with organizational requirements.
26. Conduct periodic review of information systems and enterprise architecture (EA) to determine alignment with organizational objectives.
27. Evaluate whether IT operations and maintenance practices support the organization's objectives.
28. Evaluate the organization's database management practices.
29. Evaluate the organization's data governance program.
30. Evaluate the organization's privacy program.
31. Evaluate data classification practices for alignment with the organization's data governance program, privacy program, and applicable external requirements.
32. Evaluate the organization's problem and incident management program.
33. Evaluate the organization's change, configuration, release, and patch management programs.
34. Evaluate the organization's log management program.
35. Evaluate the organization's policies and practices related to asset life cycle management.
36. Evaluate risk associated with shadow IT and end-user computing (EUC) to determine effectiveness of compensating controls.
37. Evaluate the organization's information security program.
38. Evaluate the organization's threat and vulnerability management program.
39. Utilize technical security testing to identify potential vulnerabilities.
40. Evaluate logical, physical, and environmental controls to verify the confidentiality, integrity, and availability of information assets.
41. Evaluate the organization's security awareness training program.
42. Provide guidance to the organization in order to improve the quality and control of information systems.
43. Evaluate potential opportunities and risks associated with emerging technologies, regulations, and industry practices.
Content
Domain 1—Information Systems Auditing Process - (21%)
- Planning
  - IS Audit Standards, Guidelines, Functions, and Codes of Ethics
  - Types of Audits, Assessments, and Reviews
  - Risk-Based Audit Planning
  - Types of Controls and Considerations
- Execution
  - Audit Project Management
  - Audit Testing and Sampling Methodology
  - Audit Evidence Collection Techniques
  - Audit Data Analytics (including audit algorithms)
  - Reporting and Communication Techniques
  - Quality Assurance and Improvement of Audit Process
Domain 2—Governance and Management of IT - (17%)
- IT Governance
  - Laws, Regulations, and Industry Standards
  - Organizational Structure, IT Governance, and IT Strategy
  - IT Policies, Standards, Procedures and Practices
  - Enterprise Architecture (EA) and Considerations
  - Enterprise Risk Management (ERM)
  - Privacy Program and Principles
  - Data Governance and Classification
- IT Management
  - IT Resource Management
  - IT Vendor Management
  - IT Performance Monitoring and Reporting
  - Quality Assurance and Quality Management of IT
Domain 3—Information Systems Acquisition, Development and Implementation - (12%)
- Information Systems Acquisition and Development
  - Project Governance and Management
  - Business Case and Feasibility Analysis
  - System Development Methodologies
  - Control Identification and Design
- Information Systems Implementation
  - System Readiness and Implementation Testing
  - Implementation Configuration and Release Management
  - System Migration, Infrastructure Deployment, and Data Conversion
Domain 4—Information Systems Operations and Business Resilience - (23%)
- Information Systems Operations
  - IT Components
  - IT Asset Management
  - Job Scheduling and Production Process Automation
  - System Interfaces
  - Shadow IT and End-User Computing (EUC)
  - Systems Availability and Capacity Management
  - Problem and Incident Management
  - IT Change, Configuration, and Patch Management
  - Operational Log Management
  - IT Service Level Management
  - Database Management
- Business Resilience
  - Business Impact Analysis (BIA)
  - System and Operational Resilience
  - Data Backup, Storage, and Restoration
  - Business Continuity Plan (BCP)
  - Disaster Recovery Plans (DRP)
Domain 5—Protection of Information Assets - (27%)
- Information Asset Security and Control
  - Information Asset Security Policies, Frameworks, Standards, and Guidelines
  - Physical and Environmental Controls
  - Identity and Access Management
  - Network and End-Point Security
  - Data Loss Prevention (DLP)
  - Data Encryption
  - Public Key Infrastructure (PKI)
  - Cloud and Virtualized Environments
  - Mobile, Wireless, and Internet-of-Things (IoT) Devices
- Security Event Management
  - Security Awareness Training and Programs
  - Information System Attack Methods and Techniques
  - Security Testing Tools and Techniques
  - Security Monitoring Logs, Tools, and Techniques
  - Security Incident Response Management
  - Evidence Collection and Forensics
Prerequisites
Five (5) or more years of experience in IS/IT audit, control, assurance, or security are required.
Experience waivers are available for a maximum of three (3) years.