CISA TRAINING COURSE INTRODUCTION:
The CISA Training (Certified Information Systems Auditor) program is the globally accepted standard of achievement among information of system audit, control and security professionals. The CISA designation demonstrates proficiency and is basis for measurement in the profession. With a growing demand for professional possessing IS audit, control and security skills.
Certified Information Systems Auditor Training course has been designed according to norms of Information system audit and control association. IdesTrainings offers CISA Online Training gives you all the information that will help you to understand IS security audit processes in a better manner.
Prerequisites:
Attendees should have a minimum of professional systems auditing, control or security work experience.
What is CISA?
The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit & Control Association (ISACA). The purpose of the certification is to assist employers in hiring auditors who are skilled in measuring & assessing IT controls by affirming that a candidate possesses a baseline set of auditing skills. CISA gained worldwide acceptance having uniform certification criteria, the certification a high degree of visibility & recognition in the fields of IT security, IT audit, IT risk management and governance.
Objectives for CISA Training:
- Be able to identify and assess vulnerabilities, and report on compliance and institutional controls.
- Acquire the relevant knowledge & skills required to clear the CISA certification exam by ISACA.
- Gain a better understanding of IS audit and assurance guideline, standards, and best practice for IS audit and control, governance of enterprise IT, acquisition, development, testing, & implementation of information systems.
- Develop working knowledge of the five domain of CISA Training, as prescribed by CISA.
Information System Audit Process:
In CISA Training developing a risk-based IS audit process that can be implemented in accordance with generally accepted the audit standards & guidelines will ensure that your organization’s systems and information technology are adequately controlled & are meeting the needs of the business. This chapter will outline the steps necessary to implement the process. Knowledge of this subject matter comprises ten percent of the CISA exam content. Required knowledge for these processes are described in detail and some insight on managing the process to best meet the needs of organization as well as to achieve reliable and dependable audit objective and results will be explained.
- Developing and implementing risk-based IS audit scopes and objectives in compliance with generally accepted audit standards that will be ensure that information technology and business processes are adequately controlled to meet the organization’s business objective
- Planning IS audits.
- Obtaining sufficient, relevant, and reliable evidence the audit objectives.
- Analyzing that evidence to identify the control weaknesses and to reach conclusions.
- Reviewing work performed to provide reasonable assurance that the audit objectives were achieved and the conclusions were appropriate.
- Facilitate the risk management and control practice within the organization.
The IS audit process itself is similar to the System Development Life Cycle processes that you will audit. The successful deployment of an audit engagement consists of the following:
- Careful & methodical planning.
- Determining the scope and objective with the stakeholders.
- Validating the plan, its scope, and objective with the stakeholders.
- Identifying the required resources.
- Carrying out the planned tasks.
- Documenting steps and results along the way.
- Validating or testing the result of the tasks.
- Reporting final results back to the process owner or stakeholders for their final agreement or approval.
Controls:
The CISA candidate must understand the various types of controls and their use. There are three basic kinds of controls.
Preventive Controls:
Preventive controls are controls designed to prevent an error, omission, or negative act from occurring. Locking the door is a preventive control because it keeps the door from being opened. Any control that circumvents a risk from occurring is a preventive control. These are the best kind of controls to put in place because the bad thing should never happen when a preventive control is applied to the risk. Taking positive actions and proactive steps based on the previously identifying the risks are usually preventive controls. Putting procedures formally in place is another example of preventive control. Formally implies that these procedures are in writing, monitored, and enforced.
Detective Controls:
Detective controls are controls put in place to detect or indicate that an error or a bad thing has happened. An alarm on the door is a detective control because it tells you when the door has been opened but does not prevent someone from upcoming through the door. Reports and audit logs of activities are common examples or detective controls. It is better to know undesirable risk situation has occurred than to be unaware of the occurrence at all. Other examples of detective occurred, such as bench reviews, and periodic analysis of reports of transactions for discrepancies.
Corrective Controls:
Corrective controls are those controls that enable a risk or deficiency to be corrected before a loss occurs. They are intended to fix the identified error after it has occurred and before the problem results in consequence related to the risk. For example, if a computer process has a check subroutine that identifies an error & makes a correction before enabling the process to continue this would be considered a corrective control. A corrective control may be dependent upon the detective control to initially identify the error. Another example that a medical billing process automatically checks for male users of a gynaecological process at a medical facility. The program could stop & force an intervention either through a branching the subroutine.