CISA® – Certified Information Systems Auditor® Exam Prep

General Information

CISA is the globally recognized gold standard for IS audit, control, and assurance, in demand and valued by leading global brands. It’s often a mandatory qualification for employment as an IT auditor. CISA professionals offer the credibility to leverage standards, manage vulnerabilities, ensure compliance, offer solutions, institute controls and deliver value to organizations.

Learning Objectives

  • Domain 1 - Information System Auditing Process (21%)
  • Domain 2 - Governance and Management of IT (17%)
  • Domain 3 - Information Systems Acquisition and Implementation (12%)
  • Domain 4 - Information Systems Operation and Business Resilience (23%)
  • Domain 5 - Protection of Information Assets (27%)

Who Should Take this Class

Early to mid-career professionals looking to gain recognition and enhanced credibility in interactions with internal and external stakeholders, regulators, and customers. Job roles include:
  • IT Audit Directors/Managers/Consultants
  • IT and Internal Auditors
  • Compliance/Risk/Privacy Directors
  • IT Directors/Managers/Consultants


  • Five (5) or more years of experience in IS/IT audit, control, assurance, or security.
  • Experience waivers are available for a maximum of three (3) years.

Delivery Format

Virtual Instructor-Led Training (VILT)

Course Credits

  • 3.2 CEU
  • 32 CPEs
  • 32 PDUs


  • 4 hours (240 minutes)
  • 150 multiple choice questions

Course Topics

Domain 1: Information Systems Auditing Process

Domain 2: Governance and Management of IT


IT Governance and IT Strategy

  • IS Audit Standards, Guidelines, and Codes of Ethics
  • Business Process Types of Controls
  • Risk-based Audit Planning
  • Types of Audits and Assessments
  • IT-related Frameworks
  • IT Standards, Policies and Procedures
  • Organizational Structure
  • Enterprise Architecture
  • Enterprise Risk Management
  • Maturity Models
  • Laws, Regulations and Industry Standards Affecting the Organization


IT Management

  • Audit Project Management
  • Sampling Methodology
  • Audit Evidence Collection Techniques
  • Data Analytics
  • Reporting and Communication Techniques
  • Quality Assurance and Improvement of the Audit Process
  • IT Resource Management
  • IT Service Provider Acquisition and Management
  • IT Performance Monitoring and Reporting
  • Quality Assurance and Quality Management of IT



Domain 3: Information Systems Acquisition, Development and Implementation

Domain 4: Information Systems Operations and Business Resilience

Information Systems Acquisition and Development

Information Systems Operations


  • Project Governance and Management
  • Business Case and Feasibility Analysis
  • System Development Methodologies
  • Control Identification and Design
  • Common Technology Components
  • IT Asset Management
  • Job Scheduling and Production Process Automation
  • System Interfaces
  • End-user Computing
  • Data Governance
  • Systems Performance Management
  • Problem and Incident Management
  • Change, Configuration, Release and Patch Management
  • IT Service Level Management
  • Database Management

Information Systems Implementation

Business Resilience

  • Testing Methodologies
  • Configuration and Release Management
  • System Migration, Infrastructure Deployment and Data Conversion
  • Post-implementation Review
  • Business Impact Analysis
  • System Resiliency
  • Data Backup, Storage and Restoration
  • Business Continuity Plan
  • Disaster Recovery Plans



Domain 5: Protection of Information Assets

Information Asset Security Frameworks, Standards and Guidelines

Security Event Management

  • Privacy Principles
  • Physical Access and Environmental Controls
  • Identity and Access Management
  • Network and End-point Security
  • Data Classification
  • Data Encryption and Encryption-related Techniques
  • Public Key Infrastructure
  • Web-based Communication Technologies
  • Virtualized Environments
  • Mobile, Wireless and Internet-of-things Devices
  • Security Event Management
  • Security Awareness Training and Programs
  • Information System Attack Methods and Techniques
  • Security Testing Tools and Techniques
  • Security Monitoring Tools and Techniques
  • Incident Response Management
  • Evidence Collection and Forensics