Fundamentals of Information Systems Audit and Control
About Course
Certified Information Systems Auditor® (CISA) is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s IT and business systems. If you are a mid-career professional, CISA can showcase your expertise and assert your ability to apply a risk-based approach to planning, executing and reporting on audit engagements.
What Will You Learn?
- Understand the importance of CISA certification
- Develop audit plans and strategies to effectively assess and evaluate the controls and processes within an organization's information systems.
- Execute audits in accordance with professional standards and guidelines.
- Gain knowledge of IT governance principles and frameworks.
- Understand IT management practices and the role of IT in supporting and enabling business objectives.
- Acquire knowledge and skills related to information systems acquisition, development, and implementation.
- Gain insights into information systems operation and resilience.
- Develop an understanding of business resilience and the ability to identify and address risks to business operations.
- About information asset security and control measures to protect the organization's information assets.
Course Content
Introduction to CISA Certification
-
ISACA, Importance of CISA, Domains, QP structure
Audit Planning
-
IS Audit Standards, Guidelines, and Codes of Ethics
-
Business Processes
-
Business Processes – Emails, PoS, Electronic Banking, ETF, ATM – IS Auditor’s Role
-
Business Processes – Integrated Manf, IVR, ICS, AI & Expert System – IS Auditor’s Role
-
Business Processes – Supply Chain Mgt, CRM, Using other Auditors and Experts
-
Risk based Audit planning – Audit Risk Materiality, Risk based approach
-
Risk based Audit planning – Risk Assessment Process, Technique, Risk Analysis
-
Types of Audits and Assessments
Audit Execution
-
Audit Project Management, Audit Phases, Audit Work Paper, Fraud & Irregularity detection
-
Audit Sampling – Method, Compliance Vs Substantive Audit, Sampling Risk
-
Audit Evidence Collection, Interviewing and Observation, Data Analysis
-
Data Analytics
-
Audit Reporting,Report structure, Documentation, Control Self Assessment
-
Quality Assurance and Improvement of Audit Process
-
Sample Audit
-
Case Study
IT Governance
-
Introduction, Governance & Strategy, CoBIT Framework, EGIT
-
Strategic Plan, Business Intelligence
-
Enterprise Data Flow Architecture, Data Governance
-
IT Related Framework, Standards-Policies-Procedures, Org Structure & Responsibilities
-
Segregation of Duties, Compensationg Controls, Auditing Governance
-
Enterprise Architecture, ERM, Development of ERM Process
-
Risk Analysis Methods, Maturity Models, GRC, Law-Regulations-Industry Standards
IT Management
-
IT Resource Management, IT Management practices, HR Management Practices
-
Organization Change Management, IS Budgets, IS Management
-
IT Service Provider Aqn & Management, Outsourcing Practices and Management
-
Cloud Governance, Governance in Outsourcing, TP Governance Management
-
IT Performance Management & Reporting, performance optimization
-
Quality Assurance & Quality Management
-
Case Study
Information Systems Acquisition, Development and Implementation
-
Project Governance & Management (PGM): Practices, PM Process, Structure, Responsibilities
-
PM Techniques, PMO, IS Project Cost Estimation, Functional Point Analysis
-
Project Risk Management, IS Auditor’s Role in PM
-
Business Case and Feasibility Analysis, Auditor’s Role
-
System Development Methodologies, SDLC Models, Phases
-
Project development Methods
-
Business Process Reengineering and Process Change, Auditor’s Role
-
HW,SW, System SW Acquisition & Auditor’s Role
-
Control Identification and Design
-
Processing Controls
-
IS Implementation – Testing Methodologies
-
Configuration and Release Management
-
System Migration, Infrastructure Deployment, and Data Conversion
-
System Migration, Data Migration, Changeover techniques
-
Post Implementation review & Auditor’s Role
-
Case Study
IS Operation and Resilience
-
Common Technology Components – USB, RFID
-
IT Asset Management
-
Sysyem Interfaces, Security Issue in SI
-
Job Scheduling and Production Process Automation
-
End-User Computing
-
Data Governance
-
Systems Performance Management
-
Problem and Incident Management
-
Change, Configuration, Release, and Patch Management
-
IT Service Level Management
-
Database Management
Business Resilience
-
Business Impact Analysis (BIA)
-
System Resiliency
-
Data Backup, Storage, and Restoration
-
Business Continuity Plan (BCP)
-
Disaster Recovery Plans (DRP)
-
Case Study
Protection of Information Assets
Information Asset Security and Control
-
Information Asset Security Frameworks, Standards, and Guidelines
-
Privacy Principles
-
Physical Access and Environmental Controls
-
Identity and Access Management
-
Network and End-Point Security
-
Data Classification
-
Data Encryption and Encryption-Related Techniques
-
Public Key Infrastructure (PKI)
-
Web-Based Communication Techniques
-
Virtualized Environments
-
Mobile, Wireless, and Internet-of-Things (IoT) Device
Security Event Management
-
Security Awareness Training and Programs
-
Information System Attack Methods and Techniques
-
Security Testing Tools and Techniques
-
Security Monitoring Tools and Techniques
-
Incident Response Management
-
Evidence Collection and Forensic