1.
2. Need to know the steps to perform audit planning. In the CISA Review Manual, on page 34, look at Exhibit 1.2 and commit those steps to memory.
3. Take an ink pen and write on your hand: "Gain an understanding of the business's mission, objectives, purpose and processes." IMPORTANT: this shows up in about 3-4 questions on the exam.
4.
2)
1.
2. Memorize G5, G10, G18, and G19. Guidelines G41 and G42 are recent additions to CISA and ROSI is receiving a lot of press, so be familiar with the concept of Return on Security Investment and how to calculate it. For example, let's say you spend $500,000 on anti-virus software for your enterprise and your boss wants justification for why he/she should continue to spend that kind of money when there haven't been any virus infections in the last year. You respond with: "You're absolutely right; there haven't been any virus infections in the last year. However, two years ago when we did have a virus infection it cost the company $15,000 in additional overtime to clean up after the virus infection. Our incident response team says we're blocking about 500 to 700 viruses a day, so if we say just 1 virus a day gets through and multiply it by the $15,000 cost to recover, that comes out to about $5.4 million in overtime savings alone." I think your boss will be impressed with your ROSI.
3.
4.
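The ROSI argument above, as a small calculator that is an added example and not part of these study notes or the CISA Review Manual. It generalizes the anti-virus scenario: the $500,000 control cost, $15,000 cleanup cost per infection and the "1 infection a day gets through" assumption are constructed inputs taken from the scenario, and the function names are my own. It also adds the break-even incident rate, which is the figure a sceptical manager will ask for next: how many infections per day would actually have to get through before the control pays for itself.

```python
"""ROSI (Return on Security Investment) calculator.

Added worked example, not from the original study notes. Inputs are constructed
from the notes' anti-virus scenario: $500,000 control cost, $15,000 cleanup cost
per infection, and an assumed 1 infection/day without the control.
"""

DAYS_PER_YEAR = 365


def annual_loss_exposure(incidents_per_day, cost_per_incident, days=DAYS_PER_YEAR):
    """Expected loss per year if `incidents_per_day` incidents actually occur."""
    return incidents_per_day * cost_per_incident * days


def rosi(avoided_loss, control_cost):
    """ROSI as a ratio: (loss avoided by the control - cost of the control) / cost."""
    if control_cost <= 0:
        raise ValueError("control cost must be positive")
    return (avoided_loss - control_cost) / control_cost


def break_even_incidents_per_day(control_cost, cost_per_incident, days=DAYS_PER_YEAR):
    """Smallest daily incident rate at which the control pays for itself (ROSI = 0)."""
    return control_cost / (cost_per_incident * days)


def justify_control(control_cost, cost_per_incident, assumed_incidents_per_day):
    """Return the figures an auditor would put in front of management."""
    exposure = annual_loss_exposure(assumed_incidents_per_day, cost_per_incident)
    return {
        "annual_loss_avoided": exposure,
        "net_savings": exposure - control_cost,
        "rosi": rosi(exposure, control_cost),
        "break_even_incidents_per_day": break_even_incidents_per_day(
            control_cost, cost_per_incident
        ),
    }


if __name__ == "__main__":
    # Constructed figures from the notes' scenario.
    result = justify_control(control_cost=500_000, cost_per_incident=15_000,
                             assumed_incidents_per_day=1)
    for key, value in result.items():
        print(f"{key:>30}: {value:,.2f}")

    # Sensitivity: the justification should survive a much smaller leak
    # assumption than "1 per day" out of the 500-700 blocked daily.
    for rate in (0.05, 0.1, 0.5, 1.0):
        r = rosi(annual_loss_exposure(rate, 15_000), 500_000)
        print(f"assumed {rate:.2f} infections/day -> ROSI {r:+.2f}")
```

With the notes' numbers the avoided loss is $5,475,000 a year (the "about $5.4 million" in the text) and ROSI is 9.95, i.e. every dollar spent avoids roughly ten dollars of loss. The break-even rate is about 0.09 infections per day, so the case holds even if only one infection every eleven days would have got through, which is the point to make when someone challenges the "1 a day" assumption.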
3) Risk Analysis
1.
2.
4) Internal Controls
1.
2. Understand how CobiT fits into ISACA's idea of supporting IT governance and management.
3.
5) Performing an IS Audit
1.
2. Know the different types of audits; read closely on integrated audits and forensic audits.
3. Know the different phases of an audit; in other words, memorize Exhibit 1.5 on page 53.
4. Understand the concept of risk-based auditing, including inherent, control, and detection risks.
5.
6. Sampling is a section in the Review Manual that you just have to memorize; that's it, memorize page 60 of the CISA manual.
6) Control Self-Assessment
1. Your role is as a facilitator.
7) The Evolving IS Audit Process
1. Integrated auditing means you work with the financial auditor on an audit which is based on RISK.

The first domain is a basis for understanding the whole area of Certified Information Systems Auditor, and without a grasp of the basic fundamentals you cannot be successful in the other domains.