CISA Exam Preparation and Information Technology Audit Training

This is custom heading element

The CISA certification program is a program run by the ISACA organization and has been recognized worldwide in the field of information systems auditing. The CISA certification exam tests the knowledge of fundamentals of auditing, information technology concepts and IT controls best practices. In addition to passing the exam, supporting this theoretical knowledge with practical experience is a prerequisite for certification.

The training does not only contain theoretical IT and audit concepts but also sample scenarios to develop a sense of judgement to find out the best possible control alternatives or approaches under specific circumstances.

The training also aims to prepare the participants for the CISA exam approach with going through sample questions.

Training Details

Prerequisites

Although there are no technical prerequisites for training, having experience in a information technology position or IT audit field will increase the benefit from training.

Training Content

Information systems audit process
- Information systems audit management
  - Organizational structure
  - Audit and resource planning
- ISACA information systems auditing and assurance standards and guidelines
- IS risk analysis
- IS controls
  - CobiT 5
  - General controls
- Performing information systems audit
  - Audit categories
  - Audit programs
  - Audit methods and tools
  - Detection of fraud
  - Risk-based audit
  - Audit risk and materiality
  - Risk assessment and handling
  - Audit objectives
  - Compliance and financial audit tests
  - Audit evidence
  - Observation and interview techniques
  - Sampling methods
  - Benefiting from other auditors and experts
  - CAAT tools and methods
  - Evaluation of finding criticalities
  - Reporting structure and content, report presentation
  - Implementation of recommendations by management
  - Audit documentation
- Self-assessment
  - Objectives of self-assessment
  - Advantages and disadvantages of self-assessment
  - The role of the auditor in self-assessments
  - Use of technology in self-assessments
  - Traditional approach and self-assessment approach
- Development of information systems audit
Information technology governance and management
- Corporate governance
- Enterprise information technologies governance
  - Best practices in IT governance
  - IT management committees
  - IT balanced scorecard
  - Information security governance
  - Enterprise IT architecture
- Information systems strategy
- Process maturity models
- Information technology investments and resource management processes
- Policies and procedures
- Risk management
  - Development of risk management program
  - Risk analysis methods
- Information systems management
  - Human resources management
  - Outsourcing and third party supplier management
  - Organizational change management
  - IT budget management
  - Quality management
  - Information security management
  - Performance management
- Organizational structure and responsibilities of information systems
  - Roles and responsibilities of information systems
  - Segregations of duties in information systems
- Audit of information systems governance structure and processes
- Business continuity planning
- Business continuity audit
Information systems procurement, development and implementation processes
- Information systems investment and value management
- Project management organization
- Project management process
  - Start of the project
  - Project planning
  - Project risk management
  - Project closure
  - Application development process
  - Business application systems
    - Electronic commerce
    - Electronic data exchange
    - Electronic money transfer and electronic banking
    - Decision support systems
    - CRM applications
    - Production planning and supply chain applications
  - Application development methods
    - Analysis, design and development steps
    - Agile development method
    - Prototype development
    - Object-oriented software development
    - Web-based application development
    - Reverse engineering
  - Infrastructure development and procurement process
  - Architectural analysis process
    - Planning the infrastructure implementation
    - Critical success factors
    - Hardware procurement
    - System software procurement
    - System software installation
  - Maintenance of information systems
    - Change management process
    - Configuration management
  - Efficient software development tools
    - Code generators
    - Computer aided software development
    - generation languages
  - Software development process best practices
    - CMMI
    - ISO15504
  - Application controls
    - Input controls
    - Data processing procedures and controls
    - Output controls
    - Business cycle control assurance
  - Application controls audits
  - Information systems procurement, development and implementation process audit
- Information systems operations, maintenance and support
  - IT service management
  - Infrastructure operations
  - Information security operations
- Information systems hardware and equipment
  - Hardware components
  - Hardware maintenance program
  - Hardware monitoring procedures
  - Capacity management
- Information systems architecture and software
  - Operating systems
  - Access control software
  - Communication software
  - Data management
  - Database management systems
  - Data storage medium management
  - System Tools
  - License management
  - DRM (digital rights management)
- Network infrastructure
  - Enterprise network architectures
  - Network types
  - Network services
  - Network standards and protocols
  - OSI architecture and implementation
- Disaster recovery planning
  - Recovery point objective (RPO) and recovery time objective (RTO)
  - Recovery strategies
  - Recovery alternatives
  - Disaster recovery plan development
  - Definition of roles and responsibilities
  - Backup and restore
- Protection of information assets
  - Information security management
    - Main components of information security management
    - Information security management roles and responsibilities
    - Classification of information assets
    - Third-party security
    - Human resources controls
    - Data leakage risks
    - Privacy of personally identifiable information
  - Logical access controls
    - Logical access channels
    - Authentication and authorization concepts
    - Access control tools
    - Storing, using, transmitting and destroying confidential information
  - Network infrastructure security
    - LAN security
    - Client and server security
    - Wireless network threats and risk-reducing controls
    - Internet threats and controls
    - Encryption
    - Malicious software
    - VOIP infrastructure security
    - PBX infrastructure security
  - Audit of information security management framework
    - Examination of policy, procedure and standard documents
    - Information security roles and responsibilities
    - Access controls audit
    - Interview, document review and log analysis methods
    - Detection and monitoring of information security incidents
    - Information security incident response techniques
  - Network infrastructure security audit
    - Remote access security audit
    - Audit of services open to the Internet
    - Evaluation of the entire network infrastructure
    - Planning and approving network changes
    - Detection of unauthorized changes
  - Environmental risks and controls
    - Environmental threats and control tools
    - Audit of environmental controls
  - Physical access risks and controls
    - Physical access control requirements and tools
    - Physical access controls audit
  - Mobile device security

Training Duration and Location

Duration: 4,5 Days

Location: Istanbul

Certification

All participants are entitled to CERTIFICATE OF PARTICIPATION