Book Image

CISA – Certified Information Systems Auditor Study Guide

By : Hemang Doshi
Book Image

CISA – Certified Information Systems Auditor Study Guide

By: Hemang Doshi

Overview of this book

Are you looking to prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor? The CISA - Certified Information Systems Auditor Study Guide is here to help you get started with CISA exam prep. This book covers all the five CISA domains in detail to help you pass the exam. You’ll start by getting up and running with the practical aspects of an information systems audit. The book then shows you how to govern and manage IT, before getting you up to speed with acquiring information systems. As you progress, you’ll gain knowledge of information systems operations and understand how to maintain business resilience, which will help you tackle various real-world business problems. Finally, you’ll be able to assist your organization in effectively protecting and controlling information systems with IT audit standards. By the end of this CISA book, you'll not only have covered the essential concepts and techniques you need to know to pass the CISA certification exam but also have the ability to apply them in the real world.

Related Content you might be interested in

Current Title:

Small book image
CISA – Certified Information Systems Auditor Study Guide
Hemang Doshi
Aug, 2020 | 590 pages
Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Dec, 2022 | 718 pages
Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Nov, 2021 | 616 pages
Small book image
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Shobhit Mehta
Sep, 2023 | 316 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
1
Section 1: Information System Auditing Process
Section 1: Information System Auditing Process
Free Chapter
2
Audit Planning
Audit Planning
The content of an audit charter
Audit planning
Business process applications and controls
Types of controls
Risk-based audit planning
Types of audit and assessment
Summary
Assessments
3
Audit Execution
Audit Execution
Audit project management
Sampling methodology
Audit evidence collection techniques
Data analytics
Reporting and communication techniques
Control self-assessment
Summary
Assessments
4
Section 2: Governance and Management of IT
Section 2: Governance and Management of IT
5
IT Governance
IT Governance
IT enterprise governance (EGIT)
IT-related frameworks
IT standards, policies, and procedures
Organizational structure
Enterprise architecture
Enterprise risk management
Maturity model
Laws, regulations, and industry standards affecting the organization
Summary
Assessments
6
IT Management
IT Management
IT resource management
IT service provider acquisition and management
IT performance monitoring and reporting
Quality assurance and quality management in IT
Summary
Assessment answers
7
Section 3: Information Systems Acquisition, Development, and Implementation
Section 3: Information Systems Acquisition, Development, and Implementation
8
Information Systems Acquisition and Development
Information Systems Acquisition and Development
Project management structure
Business cases and feasibility analysis
System development methodologies
Control identification and design
Summary
Assessments
9
Information Systems Implementation
Information Systems Implementation
Testing methodology
System migration
Post-implementation review
Summary
Assessments
10
Section 4: Information System Operations and Business Resilience
Section 4: Information System Operations and Business Resilience
11
Information System Operations
Information System Operations
Understanding common technology components
IT asset management
Job scheduling
End user computing
System performance management
Problem and incident management
Change management, configuration management, and patch management
IT service level management
Evaluating the database management process
Summary
Assessment
12
Business Resilience
Business Resilience
Business impact analysis
Data backup and restoration
System resiliency
Business continuity plan
Disaster recovery plan
DRP – test methods
Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
Alternate recovery site
Summary
Assessment
13
Section 5: Protection of Information Assets
Section 5: Protection of Information Assets
14
Information Asset Security and Control
Information Asset Security and Control
Information asset security frameworks, standards, and guidelines
Privacy principles
Physical access and environmental controls
Identity and access management
Biometrics
Summary
Assessments
15
Network Security and Control
Network Security and Control
Network and endpoint devices
Firewall types and implementation
VPN
Voice over Internet Protocol (VoIP)
Wireless networks
Email security
Summary
Assessments
16
Public Key Cryptography and Other Emerging Technologies
Public Key Cryptography and Other Emerging Technologies
Public key cryptography
Elements of PKI
Cloud computing
Virtualization
Mobile computing
Summary
Assessments
17
Security Event Management
Security Event Management
Security awareness training and programs
Information system attack methods and techniques
Security testing tools and techniques
Security monitoring tools and techniques
Incident response management
Evidence collection and forensics
Summary
Assessments
18
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Types of audit and assessment

CISA candidates are expected to have a basic understanding of the various types of audits that can be performed, internally or externally, and the basic audit procedures associated with each of them. These are as follows:

Type of Audit

Description

IS audit

An IS audit is conducted to evaluate and determine whether an information system and any related infrastructure is adequately safeguarded and protected to maintain confidentiality, integrity, and availability.

Compliance audit

CA or more specifically, a compliance audit is conducted to evaluate and determine whether specific regulatory requirements are being complied with.

Financial audit

A financial audit is conducted to evaluate and determine the accuracy of financial reporting.

A financial audit involves a detailed and substantive testing approach.

Operational audit

An operational audit is conducted to evaluate and determine the accuracy of an internal control system.

It is designed to assess issues related to the efficiency of operational productivity within an organization.

Integrated audit

Here, different types of audit are integrated to combine financial, operational, and other types of audits to form a multi-faceted audit.

An integrated audit is performed to assess the overall objectives to safeguard an asset's efficiency and compliance.

It can be performed both by internal auditors or external auditors.

An integrated audit includes compliance tests of internal controls.

Specialized audit

A specialized audit includes the following:

  • A third-party service audit
  • A fraud audit
  • A forensic audit

Computer forensic audit

A computer forensic audit includes the analysis of electronic devices.

An IS auditor can help in performing forensic investigations and conduct an audit of the system to ensure compliance.

Functional audit

A functional audit is conducted to evaluate and determine the accuracy of software functionality.

A functional audit is conducted prior to software implementation.

The following diagram shows various audits combined to form an integrated audit, giving an overall view of an organization's functioning:

As you can see, integrated audit tests the internal controls of an organization. It can be performed either by the internal audit team or an external audit firm.

Self-evaluation questions

  1. Which audit is designed to collect and evaluate an information system and any related resources?
    1. Compliance audit
    2. Operational audit
    3. IS audit
    4. Specialized audit
  1. Which audit involves specific tests of controls to demonstrate adherence to specific regulatory or industry standards?
    1. Operational audit
    2. Compliance audit
    3. Integrated audit
    4. Financial audit
  1. Which audit assesses the overall objectives within an organization in terms of safeguarding an asset's efficiency and compliance?
    1. Operational audit
    2. Compliance audit
    3. Integrated audit
    4. Financial audit
  2. Which audit involves the independent evaluation of software products, verifying it's configuration items?
    1. Functional audit
    2. Integrated audit
    3. Specialized audit
    4. Compliance audit
  3. In which audit can an IS auditor assist a forensic specialist in performing forensic investigations and conduct an audit of the system to ensure compliance?
    1. Specialized audit
    2. Integrated audit
    3. IS audit
    4. Computer forensic audit
  4. Which audit is designed to assess issues related to the efficiency of operational productivity within an organization?
    1. Administrative audit
    2. Integrated audit
    3. Compliance audit
    4. Operational audit
Previous Section
End of Section 7
Next Section