
ISACA - Firebrand Training PDF

223 Pages·2016·1.89 MB·English

Preview ISACA - Firebrand Training

Kit Code: K-115-01
www.firebrandtraining.co.uk

ISACA CISA Certification
Certified Information Systems Auditor
Courseware
Courseware version 6.1

2017 CISA Review Course
Introduction
4/24/2017

Agenda
This introduction will address:
• The CISA Certification
• Course format
• Examination format
• Introduction of Attendees

© Firebrand Training Ltd

CISA Certified Information Systems Auditor
• Designed for personnel that will audit and review information systems
• Assurance that systems are designed, developed, implemented and maintained to support business needs and objectives
• Tough but very good quality examination
• Requires understanding of the concepts behind information systems audit – not just the definitions

CISA Exam Review Course Overview
The CISA Exam is based on the CISA job practice.
The ISACA CISA Certification Committee oversees the development of the exam and ensures the currency of its content.
There are five content areas that the CISA candidate is expected to know.

CISA Job Practice Areas
• The Process of Auditing Information Systems
• Governance and Management of IT
• Information Systems Acquisition, Development and Implementation
• Information Systems Operations, Maintenance and Support
• Protection of Information Assets

CISA Qualifications
To earn the CISA designation, information security professionals are required to:
• Successfully pass the CISA exam
• Submit an Application for CISA certification
• Minimum of five years information systems auditing, control or security work experience (waivers for education)
• Adhere to the ISACA Code of Professional Ethics
• Adherence to the CISA continuing education policy
• Compliance with Information Systems Auditing Standards

Daily Format
Lecture and Sample questions
Approximately two domains per day
• Domain structure
• Learning Objectives
• Content
• Sample Questions
Please note that the information in every domain overlaps with the information in other domains – during the course we will introduce topics that are expanded upon in later domains.

The Examination

Description of the Exam
The exam consists of 150 multiple choice questions that cover the CISA job practice areas.
Four hours are allotted for completing the exam.
See the Candidate Guide 2016 included in the course booklet for further details
• The 2017 examination content is the same as the 2016 examination

Examination Job Practice Areas
The exam items are based on the content within 5 information systems audit areas:
• Process of Auditing Information Systems: 21%
• Governance and Management of IT: 16%
• Information Systems Acquisition, Development and Implementation: 18%
• Information Systems Operations, Maintenance and Support: 20%
• Protection of Information Assets: 25%

Examination Day
Be on time!!
Bring an acceptable form of original photo identification (passport, photo id or drivers’ license).
No notes or papers may be taken into the exam.
Preliminary results will be provided immediately after the exam.
Detailed results provided in ten days.

Completing the Examination Items
Read each question carefully.
Read ALL answers prior to selecting the BEST answer.
There is no penalty for guessing. Answer every question.

Grading the Exam
Candidate scores are reported as a scaled score based on the conversion of a candidate’s raw score on an exam to a common scale.
ISACA uses and reports scores on a common scale from 200 to 800.
A candidate must receive a score of 450 or higher to pass.
Good Luck!

Introduction of Classmates

End of Introduction

The Process of Auditing Information Systems
2017 CISA Review Course
6/1/2017

Ensure that the CISA candidate…
Has the knowledge necessary to provide audit services in accordance with IT audit standards to assist the organisation with protecting and controlling information systems

Exam Relevance
The content area in this chapter will represent approximately 21% of the CISA examination (approximately 32 questions)

Agenda
• Definition and Planning of Audit
• Risk Management
• Audit Planning
• Performing the Audit
• Audit, Analysis and Reporting
• Conclusion

Chapter 1 Learning Objectives
• Develop and implement a risk-based IT audit strategy based on IT audit standards
• Plan specific audits to determine whether information systems are protected, controlled and provide value to the organisation
• Conduct audits in accordance with IT audit standards to achieve planned audit objectives

Learning Objectives (continued)
• Report audit findings and make recommendations to key stakeholders to communicate results and effect change when necessary
• Conduct follow-ups or prepare status reports to ensure appropriate actions have been taken by management in a timely manner

Definition
Information systems are defined as the combination of strategic, managerial and operational activities involved in gathering, storing, processing, distributing and using Information – and its related technologies

Definition of Auditing
• Systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about an economic entity or event for the purpose of forming an opinion about and reporting on the degree to which the assertion conforms to an identified set of standards.

IS Audit
IS Audit is the formal examination, interview and/or testing of information systems to determine whether:
• Information systems are in compliance with applicable laws, regulations, contracts and/or industry guidelines
• IS data and information have appropriate levels of confidentiality, integrity and availability
• IS operations are being accomplished efficiently and effectiveness targets are being met

Internal versus External Audit
Internal
• Audit charter
• Authority, scope and responsibilities of the audit function
External
• Formal contract and statement of work
Both types of audit report to an audit committee or highest level of management

IS Audit Resource Management
Audit Program Challenges
• Competence (Audit standard of Proficiency)
• Skills and knowledge necessary
• Ongoing training
• Specialised auditors
• Tools, methodology

Audit Planning
Involves short and long term planning (annual basis)
Short term
• Audit issues to be covered during the year
Long term
• Changes in the strategic direction of the organisation
• Impact on the organisation’s IT environment

The Audit Universe
All processes that may be considered for audit
Qualitative and/or quantitative risk assessment of risk factors based on:
• Frequency
• Impact
Audit plans are based on areas of “high” risk
