Course Content
Domain 1: Information Systems Audit Process:
- Developing a risk-based IT audit strategy
- Planning specific audits
- Conducting audits to IS audit standards
- Implementation of risk management and control practices
Domain 2: IT Governance and Management:
- Effectiveness of IT Governance structure
- IT organisational structure and human resources (personnel) management
- Organisation’s IT policies, standards, and procedures
- Adequacy of the Quality Management System
- IT management and monitoring controls
- IT resource investment
- IT contracting strategies and policies
- Management of organisations IT-related risks
- Monitoring and assurance practices
- Organisation business continuity plan
Domain 3: Information Systems Acquisition, Development, and Implementation:
- Business case development for IS acquisition, development, maintenance, and retirement
- Project management practices and controls
- Conducting reviews of project management practices
- Controls for requirements, acquisition, development, and testing phases
- Readiness for Information Systems
- Project Plan Reviewing
- Post Implementation System Reviews
Domain 4: Information Systems Operations, Maintenance, and Support:
- Conduct periodic reviews of organisations objectives
- Service level management
- Third party management practices
- Operations and end-user procedures
- Process of information systems maintenance
- Data administration practices determine the integrity and optimisation of databases
- Use of capacity and performance monitoring tools and techniques
- Problem and incident management practices
- Change, configuration, and release management practices
- Adequacy of backup and restore provisions
- Organisation’s disaster recovery plan in the event of a disaster
Domain 5: Protection of Information Assets:
- Information security policies, standards and procedures
- Design, implementing, monitoring of system and logical security controls
- Design, implementing, monitoring of data classification processes and procedures
- Design, implementing, monitoring of physical access and environmental controls
- Processes and procedures to store, retrieve, transport and dispose of information assets