• Home

Certified Information Systems Auditor (CISA®) Examination Preparation

Certified Information Systems Auditor (CISA®) Examination Preparation

General Information:

CISA is the globally recognized gold standard for IS audit, control, and assurance, in demand and valued by leading global brands. It’s often a mandatory qualification for employment as an IT auditor. CISA holders have validated the ability to apply a risk-based approach to planning, executing, and reporting on audit engagements. 

There are 150 Questions on the exam, which must be completed in 4 hours. It is available online via remote proctoring and at in-person testing centers.

The CISA certification is intended for:

Early to mid-career professionals seeking recognition and enhanced credibility in interactions with internal and external stakeholders, regulators, and customers. Job roles include: 

  • IT Audit Directors/Managers/Consultants
  • IT and Internal Auditors
  • Compliance/Risk/Privacy Directors
  • IT Directors/Managers/Consultants

CPE Overview:

To maintain your CISA, you must earn and report a minimum of 120 CPE hours every 3-year reporting cycle and at least 20 hours annually. CISA awards up to 1 hour of CPE for every 1 hour of instructor-led training. The online review course earns 28 CPEs, and Virtual Instructor-Led Training (VILT) earns 14 CPEs.

Course Duration:

Online Course: Approximately 22 hours

In-person training or VILT: 2-4 days

Course Topics:

Domain 1: Information Systems Auditing Process


  • IS Audit Standards, Guidelines, and Codes of Ethics
  • Business Proces Types of Controls
  • Risk-based Audit Planning
  • Types of Audits and Assessments


  • Audit Project Management
  • Sampling Methodology
  • Audit Evidence Collection Techniques
  • Data Analytics
  • Reporting and Communication Techniques
  • Quality Assurance and Improvement of the Audit Process

Domain 2: Governance and Management of IT

IT Governance and IT Strategy

  • IT-related Frameworks
  • IT Standards, Policies, and Procedures
  • Organizational Structure
  • Enterprise Architecture
  • Enterprise Risk Management
  • Maturity Models
  • Laws, Regulations, and Industry Standards Affecting the Organization

IT Management

  • IT Resource Management
  • IT Service Provider Acquisition and Management
  • IT Performance Monitoring and Reporting
  • Quality Assurance and Quality Management of IT

Domain 3: Information Systems Acquisition, Development, and Implementation

Information Systems Acquisition and Development

  • Project Governance and Management
  • Business Case and Feasibility Analysis
  • System Development Methodologies
  • Control Identification and Design

Information Systems Implementation

  • Testing Methodologies
  • Configuration and Release Management
  • System Migration, Infrastructure Deployment, and Data Conversion
  • Post-implementation Review

Domain 4: Information Systems Operations and Business Resilience

Information Systems Operations

  • Common Technology Component
  • IT Asset Management
  • Job Scheduling and Production Process Automation
  • System Interfaces
  • End-user Computing
  • Data Governance
  • Systems Performance Management
  • Problem and Incident Management
  • Change, Configuration, Release, and Patch Management
  • IT Service Level Management
  • Database Management

Business Resilience

  • Business Impact Analysis
  • System Resiliency
  • Data Backup, Storage, and Restoration
  • Business Continuity Plan
  • Disaster Recovery Plans

Domain 5: Protection of Information Assets

Information Asset Security Frameworks, Standards, and Guidelines

  • Privacy Principles
  • Physical Access and Environmental Controls
  • Identity and Access Management
  • Network and Endpoint Security
  • Data Classification
  • Data Encryption and Encryption-related Techniques
  • Public Key Infrastructure
  • Web-based Communication Technologies
  • Virtualized Environments
  • Mobile, Wireless and Internet-of-things Devices

Security Event Management

  • Security Awareness Training and Programs
  • Information System Attack Methods and Techniques
  • Security Testing Tools and Techniques
  • Security Monitoring Tools and Techniques
  • Incident Response Management
  • Evidence Collection and Forensics


Event Information

Event Date To Be Confirmed
Event End Date 12-31-2099
Capacity Unlimited
Registered 0
Individual Price $1,495.00
Location Virtual