The Certified Information Systems Auditor (CISA) certification exam focuses on five job practice areas, or domains. You can review them all here. In this article, we will focus on CISA Domain 1: The Process of Auditing Information Systems. This domain is the second largest, accounting for 21% of exam content, which underlines its importance to the certification.
Its aim is to ensure you know how to:
- Manage the audit process in accordance with IS audit standards
- Plan audits, ensuring the scope matches the needs of the organization being audited
- Perform the audit and gather appropriate evidence
- Communicate the results and recommendations to stakeholders
ISACA IT audit and assurance standards are a central theme for CISA and, although candidates need not memorize the details for the exam, they should have a firm grasp of their scope and application. Many of the standards build on good information systems (IS) practices; candidates who have been practitioners for some time should have no problem grasping the content.
There are three levels:
- Standards, or mandatory requirements covering topics like audit and assurance processes and reporting.
- Guidelines to help implement the standards. There are over 40 documented guidelines ranging from application systems review through mobile computing to access control.
- Tools & techniques, including practical steps for implementing controls. They include business application change control and intrusion detection.
In addition, ISACA certification holders must comply with the organization’s code of professional ethics; candidates should also familiarize themselves with its content.
Good planning is the foundation of a successful audit. The Audit Charter contains the output from the planning exercise and describes the scope, objectives, approach, timeline, roles, and responsibilities for the audit.
Internal audits are approved by senior management, and external audits are a central element of the contract for the audit service.
CISA promotes a risk-based (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Brian Hickey. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/bT9ONDfvPd4/