Overview

The Certified Information Systems Auditor (CISA) designation, awarded by ISACA, is a globally recognized certification for professionals specializing in information systems auditing, control, and security. CISA equips individuals with the knowledge and expertise to assess and manage IT risks, ensuring the integrity, confidentiality, and availability of information systems. With a strong emphasis on governance and compliance, the CISA certification has become a gold standard in the field. This credential is a testament to one's ability to safeguard organizational assets and drive business success through effective IT audit practices.

CISA aims to certify professionals in IT auditing, control, and security by validating their ability to assess vulnerabilities, ensure compliance, and implement effective risk management strategies. It focuses on enhancing expertise in governance, information system auditing, security policies, IT operations, and incident response. The certification helps organizations strengthen data integrity, cybersecurity, and regulatory compliance, ensuring efficient and secure IT systems.

Offered by

ISACA (Information Systems Audit and Control Association)

Head office

Schaumburg, Illinois, USA

Members

180,000 members

Vision & Mission

ISACA's vision is to help individuals and enterprises realize the positive potential of technology by advancing global knowledge and best practices in digital trust. Its mission is to empower professionals in audit, security, governance, risk, and privacy through innovative certifications, education, research, and community engagement. By fostering a culture of continuous learning and ethical leadership, ISACA equips organizations and individuals with the tools to navigate evolving digital landscapes, enhance cybersecurity resilience, and ensure effective IT governance worldwide.

What is the eligibility?

To pursue the Certified Information Systems Auditor (CISA) certification, there are no specific educational prerequisites required to sit for the CISA exam. This means individuals from various educational backgrounds can enroll in CISA program.

Who can do?

anyone who is interested to learn about following concepts can pursue CISA - Certified Information Systems Auditor:

Auditing Information Systems, IT Governance and Management, Systems Development and Implementation, IT Operations and Resilience, Protection of Information Assets.

individuals with the following designations:

IT Auditor, Information Security Auditor, Risk and Compliance Analyst, IT Governance Manager, Cybersecurity Auditor, Internal Auditor, Data Privacy Officer, IT Risk Manager, Compliance Officer, Information Systems Consultant..

Course structure

The Certified Information Systems Auditor (CISA) certification encompasses five key domains, each reflecting essential areas of expertise for IT auditors:

Domain 1 – Information Systems Auditing Process (18%)

This domain focuses on providing audit services in accordance with IT audit standards to assist organizations in protecting and controlling information systems.

Domain 2 – Governance & Management of IT (18%)

This domain emphasizes the importance of IT governance and management practices, ensuring that IT supports and enables the organization's strategies and objectives.

Domain 3 – Information Systems Acquisition, Development & Implementation (12%)

This domain covers the processes for acquiring, developing, and implementing information systems that align with organizational objectives.

Domain 4 – Information Systems Operations & Business Resilience (26%)

This domain addresses the management of information systems operations, maintenance, and service management to ensure that they support the organization's business objectives.

Domain 5 – Protection of Information Assets (26%)

This domain focuses on ensuring the confidentiality, integrity, and availability of information assets by implementing security measures and controls

Lecture plan

Lecture 1: Information System Auditing Process (3 Hours)

Audit Planning (37)

Key Aspects from the CISA Exam Perspective

Audit Planning

Benefits of Audit Planning

Selection Criteria

Reviewing Audit Planning

Individual Audit Assignments Key Aspects from the CISA Exam Perspective

Business Process Applications and Controls

E-Commerce

Electronic Data Interchange (EDI)

Point of Sale (POS)

Electronic Banking

Electronic Funds Transfer (EFT)

Image Processing

Artificial Intelligence and Expert Systems

Key Aspects from the CISA Exam Perspective

Types of Controls

Preventive Controls

Detective Controls

Corrective Controls

Deterrent Controls

The Difference between Preventive and Deterrent Controls

Compensating Controls

Control Objectives

Control Measures

Key Aspects from the CISA Exam Perspective

Risk-Based Audit Planning

What Is Risk?

Understanding Vulnerability and Threats

Understanding Inherent Risk and Residual Risk

Advantages of Risk-Based Audit Planning

Audit Risk

Risk-Based Auditing Approach

Risk Assessments

Risk Response Methodology

Top-Down and Bottom-Up Approaches to Policy Development

Key Aspects from the CISA Exam Perspective

Types of Audits and Assessments

Lecture 2: Information System Auditing Process (3 Hours)

Audit Execution (36)

Audit Project Management

Audit Objectives

Audit Phases

Fraud, Irregularities, and Illegal Acts

Key Aspects from the CISA Exam Perspective

Sampling Methodology

Sampling Types

Sampling Risk

Other Sampling Terms

Compliance versus Substantive Testing

Key Aspects from the CISA Exam Perspective

Audit Evidence Collection Techniques

Reliability of Evidence

Evidence-Gathering Techniques

Key Aspects from the CISA Exam Perspective

Data Analytics

Examples of the Effective Use of Data Analytics

CAATs

Examples of the Effective Use of CAAT Tools

Precautions while Using CAAT

Continuous Auditing and Monitoring

Continuous Auditing Techniques

Key Aspects from the CISA Exam Perspective

Reporting and Communication Techniques

Exit Interview

Audit Reporting

Audit Report Objectives

Audit Report Structure

Follow-Up Activities

Key Aspects from the CISA Exam Perspective

Control Self-Assessment

Objectives of CSA

Benefits of CSA

Precautions while Implementing CSA

An IS Auditor’s Role in CSA

Key Aspects from the CISA Exam Perspective

Lecture 3: Governance and Management of IT (3 Hours)

IT Governance (31)

Enterprise Governance of IT (EGIT)

EGIT Processes

The Differences between Governance and Management

EGIT Good Practices

Effective Information Security Governance

EGIT – Success Factors

Key Aspects from the CISA Exam Perspective

IT-Related Frameworks

IT Standards, Policies, and Procedures

Policies

Standards

Procedures

Guidelines

Information Security Policy

Key Aspects from the CISA Exam Perspective

Organizational Structure

Relationship between the IT Strategy Committee and the IT Steering Committee

Differences between the IT Strategy Committee and the IT Steering Committee

Key Aspects from the CISA Exam Perspective

Enterprise Architecture

Enterprise Security Architecture

Key Aspects from the CISA Exam Perspective

Enterprise Risk Management

Risk Management Process Steps

Risk Analysis Methods

Risk Treatment

Key Aspects from the CISA Exam Perspective

Maturity Model

Laws, Regulations, and Industry Standards Affecting the Organization

An IS Auditor’s Role in Determining Adherence to Laws and Regulations

Key Aspects from the CISA Exam Perspective

Lecture 4: Governance and Management of IT (3 Hours)

IT Management (24)

IT Resource Management

Human Resource Management

IT Management Practices

Financial Management Practices

Key Aspects from the CISA Exam Perspective

IT Service Provider Acquisition and Management

Evaluation Criteria for Outsourcing

Steps for Outsourcing

Outsourcing – Risk Reduction Options

Provisions for Outsourcing Contracts

Role of IS Auditors in Monitoring Outsourced Activities

Globalization of IT Functions

Outsourcing and Third-Party Audit Reports

Monitoring and Review of Third-Party Services

Key Aspects from the CISA Exam Perspective

IT Performance Monitoring and Reporting

Development of Performance Metrics

Effectiveness of Performance Metrics

Tools and Techniques

Key Aspects from the CISA Exam Perspective

Quality Assurance and Quality Management in IT

Quality Assurance

Quality Management

Key Aspects from the CISA Exam Perspective

Lecture 5: Information Systems Acquisition, Development, and Implementation (3 Hours)

Information Systems Acquisition and Development (23)

Project Management Structure

Project Roles and Responsibilities

Project Objectives, OBS, and WBS

Key Aspects from the CISA Exam Perspective

Business Case and Feasibility Analysis

Business Cases

Feasibility Analysis

The IS Auditor’s Role in Business Case Development

System Development Methodologies

SDLC Models

SDLC Phases

Software Development Methods

Software Reengineering and Reverse Engineering

Key Aspects from the CISA Exam Perspective

Control Identification and Design

Check Digits

Parity Bits

Checksums

Forward Error Control

Data Integrity Principles

Decision Support Systems

Decision Trees

Key Aspects from the CISA Exam Perspective

Lecture 6: Information Systems Acquisition, Development, and Implementation (3 Hours)

Information Systems Implementation (14)

Testing Methodology

Unit Testing

Integration Testing

System Testing

Testing Approach

Testing Phases

Key Aspects from the CISA Exam Perspective

System Migration

Parallel Changeover

Phased Changeover

Abrupt Changeover

Key Aspects from the CISA Exam Perspective

Post-Implementation Review

Key Aspects from the CISA Exam Perspective

Lecture 7: Information Systems Operations and Business Resilience (3 Hours)

Information Systems Operations (35)

Information Systems Operations

Understanding Common Technology Components

The Types of Servers

Universal Serial Bus

Radio Frequency Identification

IT Asset Management

Performance Reports

Job Scheduling

End User Computing

System Performance Management

Nucleus (Kernel) Functions

Utility Programs

Parameter Setting for the Operating System

Registry

Activity Logging

Software Licensing Issues

Source Code Management

Capacity Management

Key Aspects from a CISA Exam Perspective

Problem and Incident Management

Network Management Tools

Key Aspects from a CISA Exam Perspective

Change Management, Configuration Management, and Patch Management

Change Management Process

Patch Management

Configuration Management

Emergency Change Management

Backout Process

The Effectiveness of a Change Management Process

Key Aspects from a CISA Exam Perspective

IT Service-Level Management

Evaluating the Database Management Process

Advantages of Database Management

Database Structures

Key Aspects from a CISA Exam Perspective

Lecture 8: Information Systems Operations and Business Resilience (3 Hours)

Business Resilience (41)

Business Impact Analysis

Key Aspects from the Perspective of the CISA Exam

Data Backup and Restoration

Types of Backup Strategy

Storage Capacity for Each Backup Scheme

Key Aspects from the Perspective of the CISA Exam

System Resiliency

Application Resiliency – Clustering

Telecommunication Network Resiliency

Business Continuity Plan

Steps of the BCP Life Cycle

Contents of the BCP

Backup Procedure for Critical Operations

The Involvement of Process Owners in the BCP

BCP and Risk Assessments

Testing the BCP

Key Aspects from the Perspective of the CISA Exam

Disaster Recovery Plan

The BCP versus the DRP

Key Aspects from the CISA Exam Perspective

DRP – Test Methods

Checklist Review

Structured Walkthrough

Tabletop Test

Simulation Test

Parallel Test

Full Interruption Test

Key Aspects from the CISA Exam Perspective

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

RPO

RTO and RPO for Critical Systems

RTO and RPO and Maintenance Costs

RTO, RPO, and Disaster Tolerance

Key Aspects from the CISA Exam Perspective

Alternate Recovery Sites

Mirrored Site

Hot Site

Warm Site

Cold Site

Mobile Site

Reciprocal Agreement

Lecture 9: Protection of Information Assets (3 Hours)

Information Asset Security and Control (22)

Information Asset Security Frameworks, Standards, and Guidelines

Auditing the Information Security Management Framework

Key Aspects from the CISA Exam Perspective

Privacy Principles

Physical Access and Environmental Controls

Environmental Controls

Alarm Controls

Water and Smoke Detectors

Fire Suppression Systems

Physical Access Control

Key Aspects from the CISA Exam Perspective

Identity and Access Management

Access Control Categories

Default Deny Policy – Allow All Policy

Degaussing (Demagnetizing)

Naming Convention

Single Sign-On

Key Aspects from the CISA Exam Perspective

Biometrics

Biometrics Accuracy Measure

Control over the Biometric Process

Types of Biometric Attacks

Network Security and Control (31)

Network and Endpoint Devices

Open System Interconnection (OSI) Layers

Networking Devices

Network Devices and the OSI Layer

Network Physical Media

Identifying the Risks of Physical Network Media

Network Protocols

Key Aspects from the CISA Exam Perspective

Firewall Types and Implementation

Types of Firewalls

What is a Bastion Host?

What is a Proxy?

Types of Firewall Implementation

The Firewall and the Corresponding OSI Layer

Key Aspects from the CISA Exam Perspective

VPN

Types of VPN

VPNs – Security Risks

VPNs – Technical Aspects

Key Aspects from the Perspective of the CISA Exam

Voice over Internet Protocol (VoIP)

Key Aspects from the CISA Exam Perspective

Wireless Networks

Enabling MAC Filtering

Enabling Encryption

Disabling a Service Set Identifier (SSID)

Disabling DHCP

Common Attack Methods and Techniques for a Wireless Network

Key Aspects from the CISA Exam Perspective

Email Security

Key Aspects from the CISA Exam Perspective

Lecture 10: Protection of Information Assets (3 Hours)

Public Key Cryptography and Other Emerging Technologies (18)

Public Key Cryptography

Symmetric Encryption versus Asymmetric Encryption

Encryption Keys

The Hash of the Message

Combining Symmetric and Asymmetric Methods

Key Aspects from the CISA Exam Perspective

Elements of PKI

PKI Terminology

Processes Involved in PKI

Certifying Authority versus Registration Authority

Key Aspects from the CISA Exam Perspective

Cloud Computing

Cloud Computing – Deployment Models

Types of Cloud Services

Cloud Computing – The IS Auditor’s Role

Virtualization

Mobile Computing

Internet of Things (IoT)

Security Event Management (25)

Security Awareness Training and Programs

Participants

Security Awareness Methods

Social Engineering Attacks

Evaluating the Effectiveness of Security Programs

Key Aspects from the CISA Exam Perspective

Information System Attack Methods and Techniques

Malicious Code

Biometric Attacks

Key Aspects from the CISA Exam Perspective

Security Testing Tools and Techniques

General Security Controls

Network Penetration Tests

Key Aspects from the CISA Exam Perspective

Security Monitoring Tools and Techniques

IDS

IPS

Honeypots and Honey Nets

Key Aspects from the CISA Exam Perspective

Incident Response Management

Computer Security Incident Response Team

Key Aspects from the CISA Exam Perspective

Evidence Collection and Forensics

Chain of Custody

Key Elements of Computer Forensics

Learning Methodology

Berkeley offers expertly developed learning materials tailored to meet participants' needs, ensuring comprehensive coverage of the syllabus and optimal exam preparation.

‣ Tailored Material: Guides are designed to cover the entire syllabus, offering full preparation and deep understanding.

‣ In-Depth Content: Unlike superficial outlines, our materials provide fully developed theories and concepts, equipping participants with complete knowledge.

‣ Strategic Study: We help participants prioritize study time by indicating the weight of each topic, allowing efficient focus on crucial areas.

‣ Difficulty Levels: Topics are labeled as "Awareness" or "Proficiency," guiding participants to allocate time based on the required depth of knowledge.

‣ Comprehensive Coverage: Our materials include detailed theory and a glossary of technical terms to clarify complex concepts.

‣ Effective Learning Techniques: Visual aids and memorization techniques ensure long-lasting retention, helping candidates succeed.

Berkeley’s methodologies equip participants with the essential knowledge and tools for both exams and future success.

Lectures

Our lecture plan integrates structured learning with interactive teaching methods, promoting engagement and collaboration. This approach ensures a comprehensive understanding of concepts, fostering critical thinking and practical application in real-world scenarios.

Practice Session

Practice sessions offer hands-on experience through guided exercises, enhancing skills and reinforcing knowledge. This practical approach ensures mastery of concepts, promoting confidence and competence in real-world applications.

Mock Examination

Mock examinations simulate real test conditions, providing valuable practice and assessment. This helps identify strengths and weaknesses, ensuring thorough preparation and boosting confidence for actual exams.

Berkeley's performance standards

Evaluates and ensure the quality of the training program and all its deliverables. This is measured through the following indicators:
‣ Instructors' experience and style in presenting and explaining topics.
‣ Variety and balance of teaching methods (such as discussions, case studies, mock exams, and videos) used in the course to ensure retention and to match the learning objectives.
‣ Level of interactivity.
‣ Feedback from program participants.
‣ Full compliance with Institute standards and guidelines for preparation and study requirements and methodology.
‣ Progress reports from the training program provider.

What are the Exam Information?

Exam Format & Duration

* Format: Computer-based, administered at authorized PSI testing centers worldwide or as remotely proctored exams.

* Duration: 4 hours

* Number of Questions: 150 multiple-choice questions

* Scale: Scores range from 200 to 800 points.

* Passing Score: A minimum scaled score of 450 is required to pass.

Exam Dates

Candidates can register for the CISA exam at any time throughout the year. Once registered, you have a 365-day window to schedule and take the exam, providing ample flexibility to align with your preparation schedule.

Exam Locations

Exams are administered through the worldwide network of Pearson Vue Testing Centers. Pearson VUE offers flexible options for candidates to take exams either at physical testing centers or remotely through OnVUE, its online proctoring solution.

Fee Structure

Self-Study Program

AED 7300.00

Ideal for disciplined learners who prefer flexibility

Access to Berkeley Study Materials (eBook)
QBank with hundreds of practice questions
Mock exams

Live Online Classes

AED 14700.00

Learn from expert instructors in real-time

Interactive live sessions
Full syllabus coverage and doubt solving
Study materials, QBank, and mock exams

One-to-One Face-to-Face Coaching

AED 22000.00

Personalized, intensive learning experience

Individual attention and customized pace
Direct mentorship with an expert trainer
Complete study package included

Success Stories

“As a strong advocate for education and human development, I commend Berkeley for its exceptional commitment to empowering future leaders. The institution stands as a symbol of excellence, innovation, and opportunity. Students who walk its halls are nurtured with knowledge, values, and vision—qualities that contribute to building a stronger and more prosperous future for our nation.”- H.H. Shaikh Khalifa Al Hamid

Visit our Alumni

Alumni Benefits

‣ Exclusive Networking Events: Access invitations to industry-leading events and thought-leadership gatherings featuring renowned speakers.

‣ Monthly Updates: Stay informed with a newsletter highlighting the latest research, events, and activities from the school.

‣ LinkedIn Community Access: Join the Executive Education LinkedIn group for networking and professional development opportunities.

‣ Educational Discounts: Enjoy a 20% discount on open-enrollment programs and access to workshops focused on emerging trends.

‣ Global Alumni Network: Connect with a diverse alumni community through the Berkeley School’s online network and engage in country and interest groups.

Is It Worth the Investment?

Salaries for CISA-certified professionals vary based on experience, industry, and location.

UK: £50,000 – £100,000 per year, with senior IT auditors and security managers earning higher.
USA: $85,000 – $150,000 annually, with top salaries in finance, tech, and government sectors.
UAE: AED 300,000 – AED 600,000 per year, especially in banking, cybersecurity, and compliance roles.
Canada: CAD 90,000 – CAD 140,000 annually, with high demand in IT governance and auditing.
KSA (Saudi Arabia): SAR 250,000 – SAR 500,000 per year, particularly in finance, telecom, and energy sectors.

What You Earn

You will get a certificate of completion, which is highly reputed and accepted by employers

Fundamental Knowledge

Expertise in IT auditing, risk management, governance, security controls, and compliance to ensure secure and efficient information systems.

Career Advancement

Enhance your career prospects and earning potential in IT auditing and information security.

Technical Skills

Learn to identify and manage risks associated with information systems and technology

Industry Relevance

Gain credibility and recognition in the IT audit and control profession.

Future Trends

Increasing demand for IT auditors with expertise in AI-driven cybersecurity, cloud security, regulatory compliance, and risk management automation.

Related courses

CIMA Fast-Track - Chartered Institute of Management Accountants

Under the CIMA fast-track (exemption of 15 examinations out of a total of 16 examinations, depending on the candidate’s profile), candidates will sit only for the last case study exam of the CIMA qualification.

CMA USA – Certified Management Accountant

The CMA (Certified Management Accountant) USA, awarded by IMA, is a premier certification for management accountants, focusing on financial planning and strategic decision-making.

CPA USA – Certified Public Accountant

The CPA (Certified Public Accountant) USA designation, granted by AICPA, is a top certification for accounting professionals. It covers auditing, taxation, and financial reporting.

Certified Blockchain Professional

The Certified Blockchain Professional (CBCP) certification by GAQM is designed for professionals seeking to develop expertise in blockchain technology. It covers key topics such as blockchain fundamentals, cryptography, blockchain architecture, consensus algorithms, smart contracts, and decentralized applications (DApps). The certification provides a comprehensive understanding of how blockchain can be applied across various industries, including finance, supply chain, and healthcare.

Management of Risk (MoR)

Management of Risk (MoR®) is a structured framework designed to help organizations identify, assess, and manage risks effectively across strategic, program, project, and operational levels. It provides a systematic approach to balancing risk with reward, ensuring informed decision-making and business resilience. MoR® integrates risk management principles, processes, and techniques to help organizations minimize threats and maximize opportunities. Applicable across various industries, it complements other frameworks like PRINCE2®, MSP®, and MoV®, making it a valuable certification for professionals involved in risk management and business strategy.

BERKELEY SCHOOL OF BUSINESS, ARTS & SCIENCES

CISA - Certified Information Systems Auditor

Course structure

Domain 1 – Information Systems Auditing Process (18%)

Domain 2 – Governance & Management of IT (18%)

Domain 3 – Information Systems Acquisition, Development & Implementation (12%)

Domain 4 – Information Systems Operations & Business Resilience (26%)

Domain 5 – Protection of Information Assets (26%)

Lecture plan

Lecture 1: Information System Auditing Process (3 Hours)

Lecture 2: Information System Auditing Process (3 Hours)

Lecture 3: Governance and Management of IT (3 Hours)

Lecture 4: Governance and Management of IT (3 Hours)

Lecture 5: Information Systems Acquisition, Development, and Implementation (3 Hours)

Lecture 6: Information Systems Acquisition, Development, and Implementation (3 Hours)

Lecture 7: Information Systems Operations and Business Resilience (3 Hours)

Lecture 8: Information Systems Operations and Business Resilience (3 Hours)

Lecture 9: Protection of Information Assets (3 Hours)

Lecture 10: Protection of Information Assets (3 Hours)

Learning Methodology

Berkeley's performance standards

What are the Exam Information?

Self-Study Program

Live Online Classes

One-to-One Face-to-Face Coaching

Visit our Alumni

Alumni Benefits

Is It Worth the Investment?

What You Earn

Fundamental Knowledge

Career Advancement

Technical Skills

Industry Relevance

Future Trends

Related courses

FAQ: CISA - Certified Information Systems Auditor

contact us for more information or to apply for admission. Seats fill up quickly, so we encourage early registration!