
Module 1 - The Process of Auditing Information Systems

Module 2 - Governance and Management of IT


Module 3 - Information Systems Acquisition, Development, and
Implementation
Module 4 - Information Systems Operation, Maintenance, and Support

Module 5 - Protection of Information Assets


Task Statements

Knowledge Statements

Executive Misconduct and Relevant Regulations

Regulatory Objectives and Assessing Threats and Vulnerabilities

Leadership through Governance

Understanding Policies, Standards, Guidelines and Procedures

Understanding Professional Ethics

Understanding the Purpose of an Audit

Implementing Audit Standards

The Executive Position of Auditor

Understanding the Corporate Organizational Structure

Exam Essentials

Task Statements and Knowledge Statements


Managing IT Governance (part 1)

Managing IT Governance (part 2)

Tactical Management (part 1)

Tactical Management (part 2)

Business Process Re-engineering (part 1)

Business Process Re-engineering (part 2)

Operations Management

Exam Essentials

Task Statements and Knowledge Statements

Audit Process (part 1)

Audit Process (part 2)

Performing the Audit


Gathering Audit Evidence

Conducting Audit Evidence Testing

Report Findings and Conduct Follow-Up

Task Statements and Knowledge Statements

System Implementation and Operations

Understanding IT Services

IT Operations Management

Administrative Protection

Problem Management

Monitoring Controls Status

Implementing Physical Protection

Exam Essentials
Protection of Information Assets

Technical Protection part 1

Technical Protection part 2

Exam Essentials
This lesson covers task statements. This lesson discusses the IT Audit Process, which is
Domain 1. Task statements help a company assess a situation and develop a risk-based
IT audit strategy. So let's start ta...

This lesson covers knowledge statements, which are in Domain 1. Knowledge statements
are used to measure and assess risk and, therefore, to be able to manage it. This lesson
emphasizes having a strong methodology and steps to produce a strong final result...

This lesson covers auditor methods that are geared towards success. This lesson covers
different kinds of audits and how the auditor communicates with the auditee. This lesson
also discusses corporate fraud with statistics drawn from the US Securitie...

This lesson covers the objectives of regulation with an emphasis on operational integrity.
This lesson discusses how an IS auditor's job for their clients is to discover assets,
threats and vulnerabilities to assess risks and then find the tools to ...
This lesson focuses on governance, which is managing the organization as a whole. If an
organization is not managed carefully, then there could be issues. IS auditors must
familiarize themselves with various policies and rules within organizations. ...

This lesson focuses on understanding the differences between policies, standards,
guidelines and procedures. A policy is something that is mandatory. A standard is not
something that is mandatory; it has more to do with how we decide what a policy a...

This lesson focuses on ethics: doing the right thing at the right time, every time. This
lesson focuses on the ISACA code, which is the code for IS auditors and the standard
set forth by the Information Systems Audit and Control Association (ISACA)...

This lesson covers audits. Audits occur when issues that are not in compliance with
company policy are discovered. This lesson discusses the three types of audits: - Internal
audits and assessments (also called self-assessments) - External - In...
This lesson focuses on implementing audit standards. IS auditors are able to rely on well-
established industry standards. This lesson discusses two types of standards: - Parent
Class with Broad Application across a Wide Variety of Industries - I...
This lesson focuses on the role of the auditor in making observations and what they find
has a lot of bearing on the organization. Auditors really need to be aware of confidentiality
and how it relates to the information they have access to. The resul...
This lesson focuses on understanding the corporate structure and discusses the various
roles in a corporate structure: - The Board of Directors - Audit and Oversight Committee -
Chief Executive Officer (CEO) - Chief Operating Officer (COO) ...
This lesson covers the necessary tools for the exam. Examinees need to make sure they
know the following: - Purpose, policies, standards, guidelines and procedures - ISACA
standards - The general purpose of the audit and the role of the auditor...

This lesson covers Domain 2: IT Governance. This lesson discusses the following task
statements: 1. Evaluating the effectiveness of IT Governance 2. Evaluating the IT
organizational structure 3. Evaluating the IT strategy 4. Evaluating IT policies ...
This lesson covers managing IT governance and discusses the issues surrounding IT
governance. This lesson discusses the following: - High level management objectives to
be verified by the auditor - Strategic planning - Long term planning - Operatio...

This lesson discusses decoding the strategy for IT. Basically, for each department that
generates revenue for a company, we must know their responsibilities. This lesson also
discusses strategies: - Advisory - Regulatory - Informational This unit al...

Tactical management is the idea that the organization needs to decide what to do on a
regular (e.g. week to week, month to month) basis. These are tactics which are done to
support a strategy. This lesson discusses how an organization can make a pla...

This lesson covers implementing government IT standards and discusses the following: -
Intellectual property - Data integrity - Mandatory control This lesson also discovers the
importance of Human Resources (HR) work in making sure the people workin...

This lesson covers business process re-engineering. This is the idea that organizations
are always in need of improving processes and procedures to make sure they stay on top
of a competitive market. At the same time businesses must be aware that ch...

This lesson discusses the role of information systems when it comes to Business
Process Re-engineering (BPR). This lesson covers Business Process Documentation
using the following tools: - Process maps - Risk assessment - Benchmarking This lesson
a...

This lesson covers operations management. Operations management is about making
the everyday running of an organization as efficient as possible. To make an organization run
as well as possible, the following are needed: - Effective leadership - Adequa...

This lesson covers what is needed to pass the exam, including how to evaluate an IT
government structure and how management style fits into the governance of an
organization. Alright, so, wrapping up module 2;...

This lesson covers Domain 3, which is about IS acquisition, development and
implementation and centers on providing assurance that the practices for the acquisition,
development and testing of information systems meet the organization's strategies an...

This lesson discusses the process of planning an audit. This lesson covers topics such
as audit programs; which has both a program as well as a project management aspect.
An organization's size and complexity affects an audit program and how many re...

This lesson covers the audit charter, which is the authority issued by an organization's
executive management to perform an audit. Participants learn about the audit committees
within an organization, these are the people who make sure audits progre...

This lesson covers performing the audit, making sure the right staff is assembled and that
everyone is aware of their roles. Organizations can create a skills matrix which can help
the auditor decide where to place resources in the audit. It is also...
This lesson discusses gathering audit evidence and focuses on two types: Direct:
Proves existence of a fact Indirect: more circumstantial and based on inference This
lesson also discusses statistical sampling techniques: - Random sampling - Cell sa...

This unit covers audit evidence testing. There are two types: - Compliance: this is to
discover the absence or presence of something - Substantive: uses formulas to obtain
information Participants also learn how to record test results and talks abou...
This lesson covers how to create a report to show what was discovered in an audit. The
report contains the following: 1. Audit scope 2. Audit objectives 3. Methods and criteria
used 4. Nature of findings 5. Extent of work performed 6. Applicable dat...

This lesson covers Domain 4; which is about operations, maintenance and support.
Participants learn about task statements. Examples include: - Conduct periodic reviews
on information systems to determine whether they continue to meet the organizatio...

This lesson continues to cover knowledge statements. Examples include: - Knowledge
of the Information Infrastructure Library - Knowledge of the IT control functionary of IT
infrastructure Participants also learn about physical security components a...

This lesson discusses IT services and what's involved in their daily operations.
Participants learn about IT Operations problems and ways organizations try to solve
them. This lesson also discusses IT Leadership Objectives. ...

This lesson covers IT operations management. IT operations management consists of
the following: - Management of the IT department - IT asset management - Systems
lifestyle - IT policies This unit also covers IT Functional Objectives: - IT procedur...

This unit covers administrative protection which are the management controls used to
provide written policy and procedure guidance for workers. The main focus of this unit is
Information Security Management which consists of the following: - Chief I...

This unit covers problem management. Problem management is about how a response is
provided in a timely manner relative to defined procedures such as escalation. Problem
management is needed to manage the following: - Procedures vs actual work - Ine...

This lesson covers IT service delivery controls and system monitoring which includes: -
Hardware - Software - Centralized System logging - Network Device monitoring - Uptime-
downtime reporting This unit also discusses log management, how to effectiv...

This lesson discusses implementing physical protection to protect physical assets in a
company. Methods of protection might include: - Closed circuit television - Guards -
Traditional tumbler lock (uses a traditional key) - Electronic lock - Cipher...

This lesson covers what is needed for the exam. Examinees need to know about: 2.
Service level management practices 3. The principles of IT Operations management 4.
Issues surrounding software licensing 5. Production control, release management and...
This lesson covers Domain 5: Protection of Information Assets. This provides assurance
that the organization's security policies, standards, procedures and controls ensure the
confidentiality, integrity and availability of information assets. This le...

This lesson covers technical protection, which are also called logical protections. These
are hardware or software controls which allow or prevent access to a resource. There are
several technical control classifications; examples include: - Mandato...

This lesson covers wireless local area networks (LANs). Some types of LANs are: -
Station (STA) - Access Point (AP) - Cell This lesson discusses different methods of
allowing access to a wireless LAN (such as authentication and shared keys). Partici...

This lesson covers what is necessary to know in order to pass the exam, some things
needed are being able to recognize different types of technical attacks and motives of
malicious users. Participants also need to know about different types of encry...
6 minutes

8 minutes

10 minutes

7 minutes

3 minutes

14 minutes

10 minutes

15 minutes

15 minutes

25 minutes

9 minutes

6 minutes

13 minutes
20 minutes

22 minutes

11 minutes

15 minutes

16 minutes

16 minutes

4 minutes

2 minutes

6 minutes

21 minutes

21 minutes

19 minutes
19 minutes

12 minutes

5 minutes

8 minutes

2 minutes

2 minutes

25 minutes

12 minutes

10 minutes

16 minutes

9 minutes

2 minutes
14 minutes

20 minutes

22 minutes

2 minutes
