• Online, Self-Paced
Course Description

Performing successful information system audits includes the ability to determine whether the organization has an effective governance framework in place, including accountability and monitoring practices that are adhered to. This course covers governance best practices including information security governance, responsible IT governance committee practices, and enterprise architecture. This course also outlines IS strategy, value, and policies best practices including strategic planning, IT portfolio management, policies, and procedures. Finally, this course covers best organizational practices for risk management and IT management, including organizational change management, financial management, and human resources management practices. This course is one of a series in the Skillsoft learning path that covers the objectives for the ISACA Certified Information Systems Auditor (CISA) certification exam.

Learning Objectives


  • start the course
  • recognize the task and knowledge statements of domain 2
  • identify characteristics of corporate governance
  • identify GEIT characteristics and best practices
  • recognize the purpose and responsibilities of IT governing committees
  • describe the purpose and characteristics of an IT balanced scorecard
  • identify IS governance best practices
  • describe the purpose and best practices of EA

IS Strategy, Value, and Policies

  • recognize the role of IS strategic planning in IS audit activities
  • identify the role and responsibilities of an IT steering committee
  • distinguish between different maturity process improvement models
  • recognize the financial and nonfinancial value of IT
  • identify characteristics of IT portfolio management
  • identify characteristics and role of policies in the IS audit framework
  • identify characteristics and role of procedures in the IS audit framework

Risk Management

  • identify characteristics of risk management and the steps for developing a risk management program
  • distinguish between the steps of the risk management process
  • distinguish between qualitative, semiquantitative and quantitative analysis methods

IT Management Practices

  • identify characteristics of organizational human resource management practices
  • distinguish between different sourcing options for delivering and performing IT functions
  • identify characteristics of organizational change management practices
  • identify characteristics of financial management practices
  • identify characteristics of information security management practices
  • identify characteristics and best practices of performance optimization

Practice: Risk Management Best Practices

  • identify best practices for IT governance, IT risk management, and general IT management in an organization
