• Online, Self-Paced

Auditing information systems requires more than a good plan; it requires effectively executing the audit plan, skill in assessing and reporting results, and anticipating necessary changes as the process evolves. This course covers practical knowledge for performing an IS audit, as well as best practices for finalizing an audit, compiling results, and effectively communicating pertinent outcomes. This course is one of a series in the Skillsoft learning path that covers the objectives for the ISACA Certified Information Systems Auditor (CISA) certification exam.

Learning Objectives

Performing an IS Audit

  • start the course
  • describe the objectives of an IS audit
  • distinguish between different types of audits
  • identify characteristics of an audit methodology
  • identify best practices in a risk-based audit approach
  • recognize risk influences and best practices when auditing risk for materiality
  • identify risk assessment and risk treatment best practices

Finalizing an IS Audit

  • describe characteristics of audit programs
  • identify best practices for fraud detection when performing IS audits
  • distinguish between compliance and substantive testing when conducting IS audits
  • identify best practices for evaluating and using evidence when conducting IS audits
  • identify best practices when interviewing and observing personnel in performance of their duties
  • identify best practices for sampling as part of an IS audit
  • identify best practices when outsourcing IS assurance and security services for IS audit activities
  • distinguish between different computer-assisted audit techniques and tools
  • identify best practices for evaluating the control environment

Communicating Audit Results

  • describe characteristics and best practices for using exit interviews and audit reports to present IS audit findings
  • identify characteristics and best practices of audit documentation
  • identify best practices for IS audit follow-up activities

Control Self-assessment

  • recognize the characteristics and objectives of CSA
  • identify the benefits and disadvantages of CSA
  • describe the auditor's role in a CSA program
  • identify characteristics of the CSA approach and its technology drivers

The Evolving IS Audit Process

  • identify best practices for integrating auditing activities in an organization
  • identify best practices for continuous auditing activities in an organization

Practice: Performing IS Audits

  • identify best practices for managing risk, communicating results, and CSA during IS audit activities

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Investigation
  • Cyber Defense Infrastructure Support
  • Cybersecurity Management
  • Executive Cyber Leadership
  • Systems Analysis
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.