Domain 1 – The process of auditing information systems
IT audit: definition, basic concepts, goals and objectives;
Overview of standards, tools and approaches used in IT audit;
Risk assessment within the audit process;
Techniques of planning and management of the audit process;
Collection of information and audit evidence.
Management of the IS Audit Function
ISACA IT Audit and Assurance Standards and Guidelines
Risk Analysis
Internal Controls
Performing an IS Audit
Control Self-Assessment
The Evolving IS Audit Process
Domain 2 – Governance and Management of IT
IT strategy, policies, standards and procedures;
Risk management within the organisation;
IT governance, organisational structure and segregation of duties;
Maturity and process improvement models;
IS management practices;
Business continuity planning.
Information Systems Strategy
Maturity and Process Improvement Models
IT Investment and Allocation Practices
Policies and Procedures
Risk Management
Human Resources Management (before, during and after)
IS Organizational Structure and Responsibilities
Auditing IT Governance Structure and Implementation
Auditing Business Continuity
Domain 3 – Systems and infrastructure life cycle management
Project management practices;
Methodology and tools for software development;
Configuration and release management;
Data migration and information systems implementation;
Goals and practices of system launch quality assessment.
Business realization
Project Management Structure
Project Management Practices
Business Application Development
Business Application Systems
Alternative Development Methods
Infrastructure Development/Acquisition Practices
Information Systems Maintenance Practices
System Development Tools and Productivity Aids
Process Improvement Practices
Application Controls
Auditing Systems Development, Acquisition and Maintenance
Domain 4 – Information systems operations, maintenance and support
Practices in IT services management and operational management;
Planning and capacity management;
Problem and incident management;
Disaster recovery planning and plan testing.
Information Systems Operations
Information Systems Hardware
IS Architecture and Software
IS Network Infrastructure
Auditing Infrastructure and Operations
Disaster Recovery Planning
Domain 5 – IT security audit
Information security controls;
Access management;
IT infrastructure security.
Logical Access
Network Infrastructure Security
Auditing Information Security Management Framework
Auditing Network Infrastructure Security
Physical Access Exposures and Controls
Mobile Computing