• Online, Self-Paced

Auditing information systems requires professionals to understand, and plan an effective auditing process. This course covers the audit function, including best practices for organizing, planning, and resourcing audit activities. This course also covers industry-recognized audit and assurance standards, guidelines, and tools, as well as effective information systems controls frameworks including COBIT5 and risk analysis. This course is one of a series in the Skillsoft learning path that covers the objectives for the ISACA Certified Information Systems Auditor (CISA) certification exam.

Learning Objectives

Managing the IS Audit Function

  • start the course
  • recognize the task and knowledge statements of domain 1
  • describe characteristics of the IS audit function
  • identify best practices in IS audit resource management
  • identify best practices for planning audits
  • identify the effects of laws and regulations on IS audit planning

 

Audit Standards, Guidelines, and Tools

  • recognize the ISACA Code of Professional Ethics
  • identify the IS audit and assurance general standards
  • identify the IS audit and assurance performance standards
  • identify the IS audit and assurance reporting standards

 

ISACA IS Audit and Assurance Guidelines

  • identify the IS audit and assurance general guidelines
  • identify the IS audit and assurance performance guidelines
  • identify the IS audit and assurance reporting guidelines
  • distinguish between the different categories of IS audit and assurance tools and techniques
  • identify best practices when applying ISACA guidelines, standards, and tools and techniques in relation to each other and external guidelines such as regulatory requirements
  • recognize characteristics of the ITAF reference model

 

IS Controls

  • identify the steps of the risk management process
  • distinguish between preventive, detective, and corrective controls
  • identify IS different types of IS control objectives
  • describe how the COBIT 5 framework is used as part of IS control
  • identify general controls used for information systems
  • identify IS control procedures

 

Practice: IS Auditing Best Practices

  • identify best practices when planning and managing IS audits

 

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Infrastructure Support
  • Cyber Investigation
  • Cybersecurity Management
  • Executive Cyber Leadership
  • Systems Analysis
  • Systems Architecture
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.