CISA Prep Course

Starting August 1, 2024, the CISA exam undergoes significant updates.

As of August 1, 2024, ISACA's Certified Information Systems Auditor (CISA) certification is undergoing important changes in its job practice areas. The certification will feature updated content outlined in the Exam Content Outline (ECO). It's imperative for candidates who wish to take test after August 1st,  to be aware of these modifications to adequately prepare for the examination.

What is changing

While the five domain headings remain as is, there are adjustments in the percentage distribution across domains in the 2024 ECO compared to the 2019 ECO, as well as some extra material added.

This course is offered in co-operation with ES Learning, an international consulting and training services company based in Riyadh, which is an Authorized Training Organization (ATO) of ISACA International.

ES-Learning is a Saudi company based in Riyadh, specializing in capacity building and professionalization, by providing specialized workshops and programs in the following areas: Business Process Management, Facilitation through Trainings, Quality & Performance Management, Services Design, Strategy.

As ISACA'S ATOs, our partners meet ISACA's high training standards. Courses are taughted by accredited and certified trainers, follow ethical practices, and use ISACA's designated materials to make sure you get the most up to date training.

CISA Prep course offers you the following:

• 30 hours with a thorough overview and key points of the 5 domain areas of  the CISA Exam
• ISACA training material
• Post-training access to the instructor for advice and support
• Analysis of particular topics which are popular exam questions
• Practice on the “Philosophy” of the examinations’ questions and testing conditions
• Reference tools
• 28 CPEs

Following each section, you will work through a series of sample questions to give you a "feel" for the format and the types of questions you will encounter.

The instructor will provide you with many reference tools and study guides, together with the official ISACA training material. 

CISA is an exam that tests experience and experience cannot be taught.  This course will give you specific guidelines in your study by providing an overview of the core knowledge bases included in the CISA examination ‘Common Body of Knowledge’.

Participants should continue to study the course materials and rehearse the sample questions after the course until the exam date.

Important:  If you do not have an IT knowledge background -  i.e. you are an Internal  Auditor, or a Business Executive -  you may want to review our 6-hour fast track course "IT Essentials for non IT Auditors".  This course will quickly walk you through basic IT knowledge and best practices of IT Systems and IT Audit principles, to help you better understand all CISA domains.

The CISA certification is ideal for entry-level to mid-career professionals who are planning, executing and reporting on IT audit projects and tasks. Typical participants of this course are:

• IT Auditors, or experienced professionals working in audit projects
• IT managers
• Information Security professionals
• System Analysts
• IT consultants
• Experienced IT Professionals

CISA Certification pre-requisites

To certify with CISA, you must pass the CISA exam and also meet the following prerequisites:

A minimum of 5 years of experience in information systems auditing, control or security (as described in the CISA job practice areas), within the past 10 years from the date you submit your application..  This experience must be in at least one CISA Job Practice Area. Substitutions and waivers may apply for up to 3 years of experience, as follows:

• 1 year of generic information systems experience or 1 year of non-IS auditing experience can be substituted for 1 year of experience
• A 2-year or 4-year university degree can be substituted for 1 or 2 years of experience respectively
• A master’s degree in information security or information technology from an ISACA accredited university can be substituted for 1 year of experience

Introduction to CISA:  Approaching the CISA Examination

• About the exam
• About CISA Certifiction
• Basis of the CISA Exam
• Percentage of test questions and survey results
• Exam scoring
• Preparing for the exam

Domain 1: The Process of Auditing Information Systems (18%)

• Plan an audit to determine whether information systems are protected, controlled, and provide value to the enterprise.
• Conduct an audit following IS audit standards and a risk-based IS audit strategy.
• Communicate audit progress, findings, results, and recommendations to stakeholders.
• Conduct audit follow-up to evaluate whether risks have been sufficiently addressed.
• Evaluate IT management and monitoring of controls.
• Utilize data analytics tools to streamline audit processes.
• Provide consulting services and guidance to the enterprise to improve the quality and control of information systems.
• Identify opportunities for process improvement in the enterprise's IT policies and practices.

Domain 2: Governance and Management of IT (18%)

• Evaluate the IT strategy for alignment with the enterprise’s strategies and objectives.
• Evaluate the effectiveness of IT governance structure and IT organizational structure.
• Evaluate the enterprise’s management of IT policies and practices.
• Evaluate the enterprise’s IT policies and practices for compliance with regulatory and legal requirements.
• Evaluate IT resource and portfolio management for alignment with the enterprise’s strategies and objectives.
• Evaluate the enterprise’s risk management policies and practices.
• Evaluate IT management and monitoring of controls.
• Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
• Evaluate whether IT supplier selection and contract management processes align with business requirements.
• Evaluate whether IT service management practices align with business requirements.
• Conduct periodic review of information systems and enterprise architecture. Evaluate data governance policies and practices.
• Evaluate the information security program to determine its effectiveness and alignment with the enterprise’s strategies and objectives.
• Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.

Domain 3: Information Systems Acquisition, Development and Implementation (12%)

• Evaluate whether the business case for proposed changes to information systems meet business objectives.
• Evaluate the enterprise's project management policies and practices.
• Evaluate controls at all stages of the information systems development lifecycle.
• Evaluate the readiness of information systems for implementation and migration into production.
• Conduct post-implementation review of systems to determine whether project deliverables, controls, and requirements are met.
• Evaluate change, configuration, release, and patch management policies and practices.

Domain 4: Information Systems Operations, and Business Resilience (26%)

• Evaluate the enterprise’s ability to continue business operations.
• Evaluate whether IT service management practices align with business requirements.
• Conduct periodic review of information systems and enterprise architecture.
• Evaluate IT operations to determine whether they are controlled effectively and continue to support the enterprise’s objectives.
• Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the enterprise’s objectives.
• Evaluate database management practices.
• Evaluate data governance policies and practices.
• Evaluate problem and incident management policies and practices.
• Evaluate change, configuration, release, and patch management policies and practices.
• Evaluate end-user computing to determine whether the processes are effectively controlled.
• Evaluate policies and practices related to asset lifecycle management.

Domain 5: Protection of Information Assets (26%)

• Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy.
• Evaluate problem and incident management policies and practices.
• Evaluate the enterprise's information security and privacy policies and practices.
• Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
• Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
• Evaluate data classification practices for alignment with the enterprise’s policies and applicable external requirements.
• Evaluate policies and practices related to asset lifecycle management.
• Evaluate the information security program to determine its effectiveness and alignment with the enterprise’s strategies and objectives.
• Perform technical security testing to identify potential threats and vulnerabilities.
• Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.

The Anatomy of a CISA Question

How CISA questions are written

The best approach to the CISA Exam

CISA Exam application & logistics