CISA Good Notes Short
Accreditations/certifications (selected): CISA, CISM, CRISC, CASP, Security+, Project+, Network+, Server+, Approved Trainer: (MoP, MSP, PRINCE2, PRINCE2 Agile, M_o_R, MoV, P3O, ITIL Expert, RESILIA), ASL2, BiSL, Change Management, Facilitation, Managing Benefits, COBIT5, TOGAF 8/9L2, OBASHI, CAPM, PSM I, SDC, SMC, ESMC, SPOC, AEC, DSDM Atern, DSDM Agile Professional, DSDM Agile Trainer-Coach, AgilePM, OCUP Advanced, SCWCD, SCBCD, SCDJWS, SCMAD, ZCE 5.0, ZCE 5.3, MCT, MCP, MCITP, MCSE-S, MCSA-S, MCS, MCSA, ISTQB, IQBBA, REQB, CIW Web Design / Web Development / Web Security Professional, Playing Lean Facilitator, DISC D3 Consultant, SDI Facilitator, Certified Trainer Apollo 13 ITSM Simulation …
www.miroslawdabrowski.com
M00 - Course introduction
1. Overview of the CISA certification
2. Domain 1 - The Process of Auditing Information Systems
3. Domain 2 - Governance and Management of IT
4. Domain 3 - Information Systems Acquisition, Development, and Implementation
5. Domain 4 - Information Systems Operations, Maintenance and Service Management
6. Domain 5 - Protection of Information Assets
M01 - Overview of the CISA certification
Domain 1 - The Process of Auditing Information Systems
Domain 2 - Governance and Management of IT
Domain 3 - Information Systems Acquisition, Development, and Implementation
Domain 4 - Information Systems Operations, Maintenance and Support
Domain 5 - Protection of Information Assets
7. Develop Auditing Strategy
8. Assign Resources
Control risk: errors that bypass controls
Inherent Risk: the susceptibility of an account balance, disclosure or class of transactions, considered at the assertion level, to a material misstatement, assuming there are no related controls.
Control Risk: the risk that a material misstatement that could occur in an account balance, disclosure or class of transactions, considered at the assertion level, will not be prevented or detected and corrected on a timely basis by the client’s internal control system.
Detection Risk: the risk that the auditors will not detect a material misstatement that exists in an account balance, disclosure, or class of transactions, considered at the assertion level.
Perform Risk Mitigation (RM) [Map risks with controls in place]
Perform Risk Treatment (RT) [Treat existing risks not mitigated by existing controls]
Perform Periodic Risk Revaluation (BO, RA, RM, RT)
Control examples by category (from a slide table; column headings not recovered):
• Administrative: user registration, procedure, effective hiring practice, awareness training; review access logs; penalty, user behavioral modification; business management
• Physical / Operational: physical barriers, locks, badge system, security guard, mantrap doors; monitor access, motion detectors, CCTV; modify and update physical barriers
• Technical: user authentication, multi-factor; log access and transactions; isolate, terminate; backups
P6 Firewalls 01.08.2003
Framework for the ISACA IS Auditing Standards: Standards, Guidelines, Procedures
S2 Independence: • Professional independence • Organizational independence
S6 Performance of Audit Work: • Supervision • Evidence • Documentation
… … …
Evaluate the controls to determine the basis for reliance and the nature, scope and timing of substantive tests
Use two types of substantive tests to evaluate the validity of the data
MIROSLAWDABROWSKI.COM/downloads