Overview

Certified Information Systems Auditor (CISA) is a globally acknowledged certification, which builds upon the previous experience of IS professionals, to produce valuable employees who possess exceptional knowledge of Information Systems Auditing, Control, and Security.

This certification is a DoD Approved 8570 Baseline Certification and meets DoD 8140/8570 training requirements.

During this CISA training course, delegates will be exposed to the Five Domains of Information Security Auditing. These domains comprise the foundations of CISA and it is imperative that delegates grasp a complete understanding of these aspects in order to pass the CISA exam and use their certification within the workplace. Within each of these domains exists multiple topics, which when combined, provide a comprehensive overview of the domain of focus. Due to the breadth of information imparted with each topic over a period of just four days, this course is considered intensive and candidates must study hard to obtain the certification.

The five domains are as follows:

  1. The Process of Auditing Information Systems

  2. Governance & Management of IT

  3. Information Systems Acquisition, Development, and Implementation

  4. Information Systems Operations, Maintenance, and Support

  5. Protection of Information Assets

The CISA essential for professionals dealing with controlling, monitoring, and assessing an organisation's information technology and business systems. This includes:

  • IS/IT auditors/consultants

  • IT compliance managers

  • Chief Compliance Officers

  • Chief risk & privacy officers

  • Security heads/directors

  • Security managers/architects

The above list is a suggestion only; individuals may wish to attend based on their own career aspirations, personal goals or objectives. Delegates may take as few or as many Intermediate qualifications as they require, and to suit their needs.

Read more +

Prerequisites

There are no prerequisites to learn CISA from this tutorial. However, to get the CISA certification you need to:

  • Pass the CISA examination

  • Submit an application for CISA certification

  • Pay a $50 application fee directly to ISACA

  • Adhere to the Code of Professional Ethics

  • Dedicate to the Continuing Professional Education Program

  • Compliance with the Information Systems Auditing Standards

The examination is open to all individuals who have an interest in information systems audit, control, and security. A minimum of 5 years of professional information systems auditing, control or security work experience is required for the CISA certification.

This training course is not suitable for beginners. It is required that delegates possess at least five years of exposure in the field of Information Systems Auditing. With this information in mind, it is expected that CISA qualified candidates have an outstanding level of professional experience, commitment, and extensive knowledge of IS Auditing. Thus, a CISA qualification is likely to open many doors and propel certified individuals into a high ranking position within the enterprise.

Please note: This exam is sat separately from the course. Delegates must book the exam directly from ISACA.

Read more +

Learning Outcomes

The five domains within the course are as follows:

  • The Process of Auditing Information Systems

  • Governance & Management of IT

  • Information Systems Acquisition, Development, and Implementation

  • Information Systems Operations, Maintenance, and Support

  • Protection of Information Assets

Read more +

Course Outline

The course content surrounds the pivotal Five Domains. The information imparted within each domain is as follows:

Domain 1: Information Systems Audit Process:

  • Developing a risk-based IT audit strategy

  • Planning specific audits

  • Conducting audits to IS audit standards

  • Implementation of risk management and control practices

Domain 2: IT Governance and Management:

  • Effectiveness of IT Governance structure

  • IT organisational structure and human resources (personnel) management

  • Organisation's IT policies, standards, and procedures

  • Adequacy of the Quality Management System

  • IT management and monitoring controls

  • IT resource investment

  • IT contracting strategies and policies

  • Management of organisations IT-related risks

  • Monitoring and assurance practices

  • Organisation business continuity plan

Domain 3: Information Systems Acquisition, Development, and Implementation:

  • Business case development for IS acquisition, development, maintenance, and retirement

  • Project management practices and controls

  • Conducting reviews of project management practices

  • Controls for requirements, acquisition, development, and testing phases

  • Readiness for Information Systems

  • Project Plan Reviewing

  • Post Implementation System Reviews

Domain 4: Information Systems Operations, Maintenance, and Support:

  • Conduct periodic reviews of organisations objectives

  • Service level management

  • Third party management practices

  • Operations and end-user procedures

  • Process of information systems maintenance

  • Data administration practices determine the integrity and optimisation of databases

  • Use of capacity and performance monitoring tools and techniques

  • Problem and incident management practices

  • Change, configuration, and release management practices

  • Adequacy of backup and restore provisions

  • Organisation's disaster recovery plan in the event of a disaster

Domain 5: Protection of Information Assets:

  • Information security policies, standards and procedures

  • Design, implementing, monitoring of system and logical security controls

  • Design, implementing, monitoring of data classification processes and procedures

  • Design, implementing, monitoring of physical access and environmental controls

  • Processes and procedures to store, retrieve, transport and dispose of information assets

Effect 1st Aug 2024

Comparison of 2019 to 2024 CISA exam content outline (ECO) domains (no change to the five domain headings):

Domains 2019 ECO 2024 ECO
Domain 1: Information System Auditing Process 21% 18%
Domain 2: Governance and Management of IT 17% 18%
Domain 3: Information System Acquisition, Development, and Implementation 12% 12%
Domain 4: Information Systems Operations and Business Resilience 23% 26%
Domain 5: Protection of Information of Assets 27% 26%
Total 100% 100%

Read more +

QA is proud to be an official ISACA partner.

Why choose QA

Special Notices

This course is DoD 8570 & DoD 8140 compliant.

To help with your studies, you will receive the following when booking this course with QA:

  • ISACA CISA Review 27th Edition Manual (eBook)

  • ISACA CISA Exam Prep Tool

  • ISACA CISA Exam Voucher

To see all our ISACA courses, please click here.

ISACA CISA Exam Change effective 1st Aug 2024 - FAQ can be found here.

Dates & Locations

Cyber Security learning paths

Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.

= Required
= Certification
AI Security
Application Security
Cyber Blue Team
Cybersecurity Maturity Model Certification (CMMC)
Cloud Security
DFIR Digital Forensics & Incident Response
Industrial Controls & OT Security
Information Security Management
NIST Pathway
Offensive Security
Privacy Professional
Reverse Engineer
Secure Coding
Security Auditor
Security Architect
Security Risk
Security Tech Generalist
Vulnerability Assessment & Penetration Testing

Governance, Risk & Compliance learning paths

Want to boost your career in Governance, Risk & Compliance? View QA's learning pathway below, specially designed to give you the skills to succeed.

= Required
= Certification
Information Security Management
NIST Pathway
Security Auditor
Security Risk
Need to know

Frequently asked questions

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.

Let's talk

A member of the team will contact you within 4 working hours after submitting the form.

By submitting this form, you agree to QA processing your data in accordance with our Privacy Policy and Terms & Conditions. You can unsubscribe at any time by clicking the link in our emails or contacting us directly.