CISA Exam Syllabus: The 5 Domains
Domain 1: The process of auditing information systems (21%)
Domain 2: Governance and management of IT (16%)
Domain 3: Information systems acquisition, development, and implementation (18%)
Domain 4: Information systems operations, maintenance and support (20%)
Domain 5: Protection of information assets (25%)
1. The Process of Auditing Information Systems
The first domain covers how IT auditors provide services in accordance with IT audit standards, to assist the organization in protecting and controlling information systems.
The tasks include developing and implementing a risk-based IT audit strategy, planning and conducting the audit, and reporting findings.
2. Governance and Management of IT
The second domain covers how IT auditors provide assurance regarding structures and processes that are in place.
3. IS Acquisition, Development, and Implementation
The third domain covers how IT auditors provide assurance that the practices for the acquisition, development, testing, and implementation of IS meet the organization's strategies and objectives.
4. IS Operations, Maintenance and Support
The fourth domain covers how IT auditors provide assurance that the processes for information systems operations, maintenance and support meet the organization's strategies and objectives. This includes periodic review of information security, evaluation of service level management practices, end-user procedures, and the process for information system maintenance.
5. Protection of Information Assets
The last domain covers how IT auditors provide assurance that the organization's security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.