• Online, Self-Paced
Course Description

A key responsibility of IS auditing professionals is understanding and ensuring that the method in which organizations conduct IS acquisition, development, testing, and implementation activities support and fulfill organizational objectives and strategic goals. This course covers best practices for IS development and project management structure and planning. This course also covers business application systems best practices including virtualization and cloud computing environments, and application development methods. Finally this course provides relevant information on IS maintenance practices, system development activities, application controls, and best practices for auditing application controls. This course is one of a series in the Skillsoft learning path that covers the objectives for the ISACA Certified Information Systems Auditor (CISA) certification exam.

Learning Objectives

IS Development Benefits

  • start the course
  • recognize the task and knowledge statements of domain 3
  • identify the objectives, characteristics, and techniques of benefits realization through portfolio/program management and business case development and approval

Project Management Structure and Practices

  • identify characteristics of the project management structure
  • identify characteristics of project initiation and planning
  • identify characteristics of project execution, controlling, and closure

Business Application Systems

  • identify characteristics of the SDLC approach and phases, integrated resource management systems, and risk associated with software development
  • identify characteristics of the SDLC approach and phases, integrated resource management systems, and risk associated with software development
  • identify characteristics, key risk areas, and typical controls of virtual and cloud environments
  • distinguish between E-commerce, Electronic Data Interchange, Email, Point-of-sale, electronic banking, electronic finance, payment, and integrated manufacturing business application system characteristics
  • distinguish between electronic funds transfer, ATM, interactive voice response, purchase accounting, image processing, industrial control, AI and expert, business intelligence, decision support, customer relationship management, and supply chain management business application systems characteristics

Application Development

  • distinguish between structured analysis, design and development techniques, Agile, Prototyping-evolutionary, rapid application, and object-oriented system development methods
  • distinguish between component-based, web-based application, software reengineering, and reverse engineering development methods
  • identify characteristics of physical architecture analysis, infrastructure implementation planning, and critical success factors in infrastructure development activities
  • identify best practices for hardware acquisition, system software acquisition, and system software implementation activities

Information Systems Maintenance Practices

  • identify characteristics and best practices for the change management process and change management documentation
  • identify characteristics and best practices for testing and auditing change programs, emergency changes, and configuration management

Development and Process Improvement

  • identify characteristics and best practices for code generators, computer-aided software engineering, and fourth-generation languages
  • distinguish between BPR methods and techniques, ISO 9126, CMMI, and ISO/IEC 330XX series process improvement practices

Application Controls

  • identify characteristics of input/origination controls
  • identify characteristics of processing procedures and controls
  • identify characteristics of output controls, and business process control assurance best practices

Auditing Controls and Systems Development

  • identify best practices for auditing application controls
  • identify best practices for auditing systems development, acquisition, and maintenance

Practice: IS Development and Implementation

  • identify best practices when auditing IS acquisitions, development, and implementation activities within an organization

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Infrastructure Support
  • Cybersecurity Management
  • Executive Cyber Leadership
  • Systems Analysis
  • Systems Architecture
  • Vulnerability Assessment and Management