Domain 1 – The process of auditing information systems IT –audit: definition, basic concepts, goals and objectives; Overview of standards, tools and approaches used in IT audit; Risks assessment within audit process; Techniques of planning and management of the audit process; Collection of the information and audit evidence. Management of the IS Audit Function ISACA IT Audit and Assurance Standards and Guidelines Risk Analysis Internal Controls Performing an IS Audit Control Self-Assessment The Evolving IS Audit Process Domain 2 – Governance and Management of IT IT strategy, policies, standards and procedures; Risk management within organisation; IT governance, organisational structure and segregation of duties; Maturity and process improvement models; IS management practices; Business continuity planning. Information Systems Strategy Maturity and Process Improvement Models IT Investment and Allocation Practices Policies and Procedures Risk Management Human Resources Management (before, during and after) IS Organizational Structure and Responsibilities Auditing IT Governance Structure and Implementation Auditing Business Continuity Domain 3 – Systems and infrastructure life cycle management Project management practices; Methodology and tools for software development; Configuration and releases management; Data migration and information systems implementation; Goals and practices of system launch quality assessment. Business realization Project Management Structure Project Management Practices Business Application Development Business Application Systems Alternative Development Methods Infrastructure Development/Acquisition Practices Information Systems Maintenance Practices System Development Tools and Productivity Aids Process Improvement Practices Application Controls Auditing Systems Development, Acquisition and Maintenance Domain 4 – Information systems operations, maintenance and support Practices in IT services management and operational management; Planning and capacity management; Problems and incidents management; Disaster recovery planning and plans testing. Information Systems Operations Information Systems Hardware IS Architecture and Software IS Network Infrastructure Auditing Infrastructure and Operations Disaster Recovery Planning Domain 5 – IT security audit Information security controls; Access management; IT infrastructure security Logical Access Network Infrastructure Security Auditing Information Security Management Framework Auditing Network Infrastructure Security Physical Access Exposures and Controls Mobile Computing