Richard E. Cascarino, MBA, CIA, CISM, CFE, CRMA, is well-known in international auditing. Richard is a principal of Richard Cascarino & Associates. He has more than 31 years' experience in audit training and consulting. He is a regular speaker to National and International conferences and has presented courses throughout Africa, Europe, the Middle East and the USA. Richard is a Past President of the Institute of Internal Auditors in South Africa, was the founding Regional Director of the Southern African Region of the IIA-Inc. and is a member of ISACA, and the Association of Certified Fraud Examiners, where he is a member of the Board of Regents for Higher Education. Richard was Chairman of the Audit Committee of Gauteng cluster 2 (Premier's office, Shared Services and Health) in Johannesburg and is currently the Chairman of the Audit and Risk Committee of the Department of Public Enterprises in South Africa. He is also a visiting Lecturer at the University of the Witwatersrand, author of the book Internal Auditing: An Integrated Approach, now in its third edition. This book is extensively used as a university textbook worldwide. In addition, he is the author of the Auditor's Guide to IT Auditing, Second Edition and the book Corporate Fraud and Internal Control: A Framework for Prevention. He is also a contributor to all four editions of QFINANCE, the Ultimate Resource.

Contents

· Introduction

Chapter 1 Introduction to the CISA examination

· The structure of the CISA exam

· Becoming Certified

· Experience requirements

· Passing the Exam

· CISA Job Practice Domains and task and knowledge statements

· ISACA's Code of Professional Ethics

· The ISACA Standards

· Continuous Professional Education

Chapter 2: Domain 1-The Process of Auditing Information Systems

· Knowledge Statements

· Understanding the Fundamental Business Processes

· Control principles related to controls in information systems

· Risk-based audit planning and audit project management techniques

· Quality of the internal control framework

· Auditor understanding of the applicable laws

· Evidence collection techniques

· Domain One - exam tips

· Domain One - Practice questions

· Domain One - Review Questions and Hands on Exercise

· Domain One - Answers to practice questions

· Exercise 1 sample answer

Chapter 3: Domain 2-Governance and Management of IT

· Governance in General

· Resource Management

· Project Management Tools

· Auditor's Role in the Project Management Process

· Audit Risk Assessment

· Audit Planning

· Domain Two - practice questions
Domain Two - Review Questions and Hands on Exercise

· Exercise 2 sample answer

· Domain 2 Answers to practice questions

Chapter 4: Domain 3- Information Systems Acquisition, Development and Implementation

· Systems Acquisition

· Systems Development

· Systems Implementation

· Systems Maintenance Review

· Domain Three - practice questions
Domain Three - Review Questions and Hands on Exercise

· Exercise 3 sample answer

· Domain 3 Answers to practice questions

Chapter 5: Domain 4- Information Systems Operations, Maintenance and Service Management

· Hardware

· Auditing Operating Systems

· People

· System interfaces

· Change Management

· Auditing Change Control

· Disaster Recovery Planning

· Auditing Service Delivery

· Domain Four - practice questions

· Domain Four - Review Questions and Hands on Exercise

· Exercise 4 sample answer

· Domain 4 Answers to practice questions

Chapter 6: Domain 5- Protection of Information Assets

· Protection of information assets

· Privacy principles

· Design, implementation, maintenance, monitoring and reporting of security controls

· Physical access controls for the identification, authentication and restriction of users

· Logical access controls for the identification, authentication and restriction of users

· Risk and controls associated with virtualization of systems

· Risks and controls associated with the use of mobile and wireless devices

· Encryption-related techniques and their uses

· Public key infrastructure (PKI) components and digital signature techniques

· Peer-to-peer computing, instant messaging, and web-based technologies

· Data classification standards related to the protection of information assets

· Risks in end-user computing

· Implementing a security awareness program

· Information system attack methods and techniques

· Prevention and detection tools and control techniques

· Security testing techniques

· Penetration testing and Vulnerability scanning

· Forensic investigation and procedures in collection and preservation of the data and evidence

· Domain Five - practice questions

· Domain Five - Review Questions and Hands on Exercise

· Exercise 5 sample answer

· Domain 5 Answers to practice questions

Chapter 7- Preparing for the Exam

Appendices

Appendix A: Glossary of Terms

Appendix B: CISA Sample Exam - Choose any 150 questions

Appendix C: Sample Exam Answers