Copyright VAMAIT INC 2017
Contact us
514-718-1860
info@vamait.com

CISA CERTIFICATION

Objectives

CISA (Certified Information Systems Auditor) is a certification in high demand for any professional working in the field of information technology and telecommunications. This training gives you the tools you need to pass the CISA certification, which is highly sought after by employers. In addition, it highlights your skills and distinctive strengths to your colleagues, your manager and your clients. The method is personalized and fast.

Target Audience

Professionals in information technology, engineering and telecommunications, and anyone else interested in process management.

Prerequisites

Experience in information technology or accounting.

Maximum number of participants per session: 5

The CISA certification is important for the following reasons, among others:

1. Gain the knowledge to make a difference in audit, security, control and assurance
2. Find a better job in a competitive market
3. Position yourself for your own advancement and that of the company
4. Establish your credibility with your colleagues, your manager and your clients
5. Save time and gain productivity (effectiveness, efficiency, etc.) in your work
6. Earn a better salary

Certification and dates

CISA: 1500$, 5 days (40 hours)
Saturday, February 18
Sunday, February 19
Saturday, March 11
Sunday, March 12
Saturday, March 25

CISA: 1500$, 5 days (40 hours)
Sunday, March 26
Saturday, April 8
Sunday, April 9
Saturday, April 22
Sunday, April 23

CISA: 1500$, 5 days (40 hours)
Saturday, May 20
Sunday, May 21
Saturday, May 27
Sunday, May 28
Saturday, June 3

CISA: 1500$, 5 days (40 hours)
Sunday, June 4
Saturday, June 10
Sunday, June 11
Saturday, June 17
Sunday, June 18

CISA Review Course

Curriculum

 

A-     Self-assessment

B-    Discuss specific topics within the chapters relevant to the exam

Domain 1—The Process of Auditing Information Systems (14%)

Exam Relevance

Learning Objectives

Task statement

Knowledge statement

1.1   ISACA IT Audit and Assurance Standards

1.1.1        Organization of the IS Audit Function

1.1.2        IS Audit Resource Management

1.1.3        Audit Planning

1.1.4        Effect of Laws and Regulations on IS Audit Planning

 

1.2   ISACA IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics and other applicable standards

1.2.1        ISACA Code of Professional Ethics

1.2.2        ISACA IS Audit and Assurance Standards Framework

1.2.3        ISACA IS Audit and Assurance Guidelines

1.2.4        ISACA IS Audit and Assurance Tools and Techniques

1.2.5        Relationship Among Standards, Guidelines, and Tools and Techniques

1.2.6         Information Technology Assurance Framework (ITAF™)

 

1.3   Risk assessment concepts, tools and techniques in an audit context

1.3.1        Risk Analysis

1.3.2        Risk-based Auditing

1.3.3        Risk Assessment and Treatment

1.3.4        Risk Assessment Techniques

 

1.4   Control objectives and controls related to information systems

1.4.1        Internal Controls

1.4.2        IS Control Objectives

1.4.3        General Controls

1.4.4        IS Controls

1.4.5        Compliance vs. Substantive Testing

 

1.5    COBIT 5

1.5.1        Principle 1: Meeting Stakeholder Needs

1.5.2        Principle 2: Covering the Enterprise End-to-end

1.5.3        Principle 3: Applying a Single Integrated Framework

1.5.4        Principle 4: Enabling a Holistic Approach

1.5.5        Principle 5: Separating Governance From Management

 

1.6   Audit planning and audit project management techniques, including follow-up

1.6.1        Performing an IS Audit

1.6.2        Classification of Audits

1.6.3        Audit Programs

1.6.4        Audit Methodology

1.6.5        Fraud Detection

1.6.6        Risk-based Auditing

1.6.7        Audit Risk and Materiality

1.6.8        Audit Objectives

1.6.9        Communicating Audit Results

1.6.10     Management Implementation of Recommendations

1.6.11     Audit Documentation

 

1.7   Evidence collection techniques used to gather, protect and preserve audit evidence

1.7.1        Evidence

1.7.2        Interviewing and Observing Personnel in Performance of Their Duties

 

1.8   Different sampling methodologies

 

1.9   Audit quality assurance systems and frameworks

1.9.1        Using the Services of Other Auditors and Experts

1.10       Computer-assisted Audit Techniques

1.10.1     Evaluation of Audit Strengths and Weaknesses

 

1.11 Control Self-Assessment

1.11.1      Objectives of CSA

1.11.2      Benefits of CSA

1.11.3      Disadvantages of CSA

1.11.4      Auditor Role in CSA

1.11.5     Technology Drivers for CSA

1.11.6     Traditional vs. CSA Approach

 

1.12 Integrated Auditing

 

1.13 Continuous Auditing

Domain 2—Governance and Management of IT (14%)

Exam Relevance

Learning Objectives

Task statement

Knowledge statement

2.1   IT governance, management, security and control frameworks, and related standards, guidelines, and practices

2.1.1        Corporate Governance

2.1.2        Governance of Enterprise IT

2.1.3        Best Practices for Governance of Enterprise IT

2.1.4        Information Security Governance

 

2.2   Purpose of IT strategy, policies, standards and procedures for an organization and the essential elements of each

 

2.2.1        Policies and Procedures

2.2.2        Strategic Planning

2.2.3        Steering Committee

 

2.3   Organizational structure, roles and responsibilities related to IT

2.3.1        Human Resource Management

2.3.2        IS Organizational Structure and Responsibilities

2.3.3        IS Roles and Responsibilities

2.3.4        IT Governing Committees

2.3.5        Auditing IT Governance Structure and Implementation

2.3.6        Segregation of Duties Within IS

 

2.4   Processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures

 

2.5   Organization’s technology direction and IT architecture and their implications for setting long-term strategic directions

2.5.1        Enterprise Architecture

2.5.2        Sourcing Practices

 

2.6   Enterprise risk management

2.6.1        Organizational Change Management

2.6.2        Risk Management

2.6.3        Developing a Risk Management Program

2.6.4        Risk Management Process

2.6.5        Risk Analysis Methods

 

2.7   Resource investment and allocation practices, including prioritization criteria

2.7.1        IT Investment and Allocation Practices

2.7.2        Financial Management Practices

 

2.8   Practices for monitoring and reporting of IT performance

2.8.1        Performance Optimization

2.8.2        IT Balanced Scorecard

2.8.3        Maturity and Process Improvement Models

2.8.4        Quality Management

2.8.5        Reviewing Documentation

2.8.6        Reviewing Contractual Commitments

 

2.9   Standards and procedures for the development and maintenance of the business continuity plan and testing methods

2.9.1        Business Continuity Planning

2.9.2        Disasters and Other Disruptive Events

2.9.3        Business Continuity Planning Process

2.9.4        Business Continuity Policy

2.9.5        Business Continuity Planning Incident Management

2.9.6        Business Impact Analysis

2.9.7        Development of Business Continuity Plans

2.9.8        Other Issues in Plan Development

2.9.9        Components of a Business Continuity Plan

2.9.10     Plan Testing

2.9.11     Summary of Business Continuity and Disaster Recovery

2.9.12     Auditing Business Continuity

2.9.13     Reviewing the Business Continuity Plan

2.9.14     Evaluation of Prior Test Results

2.9.15     Evaluation of Offsite Storage

2.9.16     Interviewing Key Personnel

2.9.17     Evaluation of Security at Offsite Facility

2.9.18     Reviewing Alternative Processing Contract

2.9.19     Reviewing Insurance Coverage

Domain 3—Information Systems Acquisition, Development and Implementation (19%)

Exam Relevance

Learning Objectives

Task statement

Knowledge statement

3.1   Benefits realization practices

3.1.1        Benefits Realization Techniques

3.1.2        Business Case Development and Approval

 

3.2   Project governance mechanisms

3.2.1        Portfolio/Program Management

3.2.2        Project Context and Environment

3.2.3        Project Organizational Forms

3.2.4        Project Communication and Culture

3.2.5        Project Objectives

3.2.6        Roles and Responsibilities of Groups and Individuals involved in the systems development process

3.2.7        Project Management Practices

 

3.3   Project management control frameworks, practices and tools

3.3.1        Project Planning

3.3.2        Project Controlling

3.3.3        Closing a Project

3.3.4        Business Application Development

3.3.5        Integrated Resource Management Systems

3.3.6        Risk Associated with Software Development

 

3.4   System development methodologies and tools including their strengths and weaknesses

3.4.1        Development Methods

3.4.2        Use of Structured Analysis, Design and Development Techniques

3.4.3        Agile Development

3.4.4        Prototyping-Evolutionary Development

3.4.5        Rapid Application Development

3.4.6        Object-oriented System Development

3.4.7        Component-based Development

3.4.8        Web-based Application Development

3.4.9        Reverse Engineering

 

3.5   Acquisition practices

3.5.1        Infrastructure Development/Acquisition Practices

3.5.2        Project Phases of Physical Architecture Analysis

3.5.3        Planning Implementation of Infrastructure

3.5.4        Hardware Acquisition

3.5.5        System Software Acquisition

 

3.6   Control objectives and techniques that ensure the completeness, accuracy, validity and authorization of transactions and data

3.6.1        Change Management Process Overview

3.6.2        Configuration Management

3.6.3        Application Controls

3.6.4        Input/Origination Controls

3.6.5        Processing Procedures and Controls

3.6.6        Output Controls

 

3.7   Business Process Control Assurance

3.7.1        Auditing Application Controls

3.7.2        Data Integrity Testing

3.7.3        Data Integrity in Online Transaction Processing Systems

3.7.4        Test Application Systems

3.7.5        Continuous Online Auditing

3.7.6        Online Auditing Techniques

 

3.8   Auditing Systems Development, Acquisition and Maintenance

3.8.1        Project Management

3.8.2        Feasibility Study

3.8.3        Requirements Definition

3.8.4        Software Acquisition Process

3.8.5        Detailed Design and Development

3.8.6        Testing

3.8.7        Implementation Phase

3.8.8        Postimplementation Review

3.8.9        System Change Procedures and the Program Migration Process

Domain 4—Information Systems Operations, Maintenance and Support (23%)

Exam Relevance

Learning Objectives

Task statement

Knowledge statement

4.1   Service level management practices and the components within a service level agreement

4.1.1        Information Systems Operations

4.1.2        Management of IS Operations

4.1.3        IT Service Management

4.1.4        Incident and Problem Management

4.1.5        Support/Help Desk

4.1.6        Change Management Process

4.1.7        Release Management

4.1.8        Information Security Management

4.1.9        Capacity Management

4.1.10     Hardware Maintenance Program

4.1.11     Hardware Monitoring Procedures

 

4.2   Monitoring third party compliance with the organization’s internal controls

4.2.1        Software Licensing Issues

4.2.2        Digital Rights Management

 

4.3   Technology concepts related to hardware and network components, system software and database management systems

4.3.1        Computer Hardware Components and Architectures

4.3.2        Architecture and Software

4.3.3        Operating Systems

4.3.4        Access Control Software

4.3.5        Data Communications Software

4.3.6        Data Management

4.3.7        Database Management System

4.3.8        Tape and Disk Management Systems

4.3.9        Utility Programs

4.3.10     IS Network Infrastructure

4.3.11     Enterprise Network Architectures

4.3.12     Types of Networks

4.3.13     Network Services

4.3.14     Network Standards and Protocols

4.3.15     OSI Architecture

4.3.16     Application of the OSI Model in Network Architectures

 

4.4   Auditing hardware and network components, system software and database management systems

4.4.1        Auditing Infrastructure and Operations

4.4.2        Hardware Reviews

4.4.3        Operating System Reviews

4.4.4        Database Reviews

4.4.5        Network Infrastructure and Implementation Reviews

4.4.6        IS Operations Reviews

4.4.7        Scheduling Reviews

4.4.8        Problem Management Reporting Reviews

 

4.5   Development and maintenance of disaster recovery plans

4.5.1        Recovery Point Objective and Recovery Time Objective

4.5.2        Recovery Strategies

4.5.3        Recovery Alternatives

4.5.4        Organization and Assignment of Responsibilities

4.5.5        Backup and Restoration

Domain 5—Protection of Information Assets (30%)

Exam Relevance

Learning Objectives

Task statement

Knowledge statement

5.1   Techniques for the design, implementation, and monitoring of security controls, including security awareness programs

5.1.1        Importance of Information Security Management

5.1.2        Key Elements of Information Security Management

5.1.3        Information Security Management Roles and Responsibilities

5.1.4        Inventory and Classification of Information Assets

5.1.5        Critical Success Factors to Information Security Management

 

5.2   Logical access controls for the identification, authentication and restriction of users to authorized functions and data

5.2.1        System Access Permission

5.2.2        Mandatory and Discretionary Access Controls

5.2.3        Privacy Management Issues and the Role of IS Auditors

5.2.4        Logical Access

5.2.5        Logical Access Exposures

5.2.6        Paths of Logical Access

5.2.7        Logical Access Control Software

5.2.8        Identification and Authentication

5.2.9        Authorization Issues

 

5.3   Security controls related to hardware, system software (e.g., applications, operating systems), and database management systems.

5.3.1        Storing, Retrieving, Transporting and Disposing of Confidential Information

5.3.2        Network Infrastructure Security

5.3.3        LAN Security

5.3.4        Client-server Security

5.3.5        Wireless Security Threats and Risk Mitigation

5.3.6        Internet Threats and Security

5.3.7        Encryption

5.3.8        Malware

5.3.9        Voice-Over IP

5.3.10     Familiarization with the Enterprise’s IT Environment

 

5.4   Auditing hardware, system software (e.g., applications, operating systems), and database management systems.

5.4.1        Auditing Logical Access

5.4.2        Techniques for Testing Security

5.4.3        Auditing Network Infrastructure Security

5.4.4        Auditing Remote Access

 

5.5   Auditing physical controls

5.5.1        Environmental Issues and Exposures

5.5.2        Controls for Environmental Exposures

5.5.3        Physical Access Issues and Exposures

5.5.4        Physical Access Controls

5.5.5        Auditing Physical Access

 

5.6   Processes related to monitoring and responding to security incidents

5.6.1        Information Security and External Parties

5.6.2        Computer Crime Issues and Exposures

5.6.3        Security Incident Handling and Response

 

C-    Practical Tips for CISA Exam

D-    Practice Questions

E-     Sample Exam