Certified Information Systems Auditor (CISA) Bootcamp



There is no prerequisite to attend the training; however, to gain the CISA certification, there is a minimum requirement of 5 years of professional information systems auditing, control or security work experience. Substitutions and waivers of such experience may be obtained if certain education and general information systems or audit experience requirements are met.


On successful completion of this course, follow the steps mentioned below to earn your CISA. Submit payment for the CISA membership application processing fee of US$50 online at www.isaca.org/cisapay.


This course prepares delegates for the CISA examination as outlined by ISACA. It would also immensely benefit professionals responsible for controlling, monitoring and assessing an organization's information technology and business systems, as well as those aspiring to make a career in information systems audit. The participant mix includes:


  • Internal and external auditors
  • Finance / CPA professionals
  • Information Technology professionals
  • Information Security professionals


  • Hasnain Rizvi is a CISA/CISM practitioner and an instructor
  • Hasnain has excellent coaching and mentoring skills and is a great public speaker
  • Lead Author for "PMP in 28 Days" Study Guide


The course and examination cover the current, official ISACA material in the following areas:

  • The process of auditing information systems
  • Governance and management of information technology
  • Information Systems acquisition, development and implementation
  • Information Systems operations, maintenance and support
  • Protection of information assets
  • Practice exams will be provided
  • Case studies will also be discussed to bring to life some of the theoretical concepts


  • Gain an in-depth understanding of the tasks and knowledge expected of a professional information systems auditor.
  • Acquire and maintain the level of knowledge required to meet the challenges of a modern enterprise.
  • Provide increased credibility for your organization when working with clients and vendors.
  • The certification provides strong criteria to help management in the selection of personnel and development.
  • Update your knowledge, competence and skills.


Duration: 3 days
Instructor-Led Classroom Training


1. The IS Audit Process

  • ISACA IS Auditing Standards, Guidelines & Procedures; IS auditing practices and techniques (e.g., observation, inquiry, interview, electronic media); The evidence life cycle; Control objectives and controls related to IS; Risk assessment in an audit context; Audit planning and management techniques
  • Reporting and communication techniques (e.g., facilitation, negotiation, conflict resolution); Control self-assessment (CSA); Continuous audit techniques

2. IT Governance

  • The purpose of IT strategies for an organization; IT governance frameworks
  • The processes for the development, implementation and maintenance of IT strategies; Quality management strategies and policies; Organizational structure, roles and responsibilities; Generally accepted international IT standards and guidelines; Enterprise IT architecture; Risk management methodologies and tools; The use of control frameworks; The use of maturity and process improvement models
  • Contracting strategies, processes and contract management practices; Relevant legislative and regulatory issues; IT human resources (personnel) management; IT resource investment and allocation practices

3. Infrastructure Life Cycle

  • Benefits management practices; Project governance mechanisms; Project management practices, tools, and control frameworks
  • Risk management practices applied to projects; Project success criteria and risks; Configuration, change and release management
  • Enterprise architecture related to data, applications, and technology
  • Requirements analysis and management practices
  • Acquisition and contract management processes; System development methodologies

4. Quality Assurance Methods

  • The management of testing processes
  • Data conversion tools, techniques, and procedures; System and/or infrastructure disposal procedures
  • Software and hardware certification and accreditation practices
  • Post-implementation review objectives and methods; System migration and infrastructure deployment practices

5. IT Service Delivery & Support

  • Service level management practices
  • Operations management best practices; Systems performance monitoring processes; The functionality of hardware and network components
  • The functionality of system software; Processes for managing scheduled and emergency changes to the production systems; Incident/problem management practices; Software licensing and inventory practices
  • System resiliency tools and techniques

6. Protection of IS Assets

  • The techniques for the design, implementation and monitoring of security; Logical access controls for the identification, authentication; Logical access security architectures
  • Attack methods and techniques; Processes related to monitoring and responding to security incidents; Network and Internet security devices, protocols, and techniques
  • Intrusion detection systems and firewall configuration; Encryption algorithm techniques; Virus detection tools and control techniques; Security testing and assessment tools; Environmental protection practices and devices; Physical security systems and practices
  • Data classification schemes; Voice communications security
  • The processes and procedures used to store, retrieve, transport, and dispose of confidential information assets
  • Controls and risks associated with the use of portable and wireless devices

7. Business Continuity and Disaster Recovery

  • Data backup, storage, maintenance, retention and restoration processes; Regulatory, legal, contractual, and insurance issues
  • Business impact analysis (BIA); Development and maintenance of the business continuity and disaster recovery plans; Business continuity and disaster recovery testing approaches