CISA

The Certified Information Systems Auditor (CISA) credential is an internationally recognized certification for professionals specializing in information systems audit, control, assurance, and security. Awarded by ISACA (the Information Systems Audit and Control Association), it is widely regarded as the benchmark credential for IS audit, control, and security practitioners.

There are five domains in CISA:

  1. Information Systems Auditing Process:

This domain covers how IT auditors apply established IS audit standards when planning and performing audits of information systems. It includes developing a risk-based audit strategy, planning and executing audits, evaluating control self-assessments, and communicating findings with coordinated follow-up on remediation.

  2. Governance and Management of IT:

This domain evaluates whether an organization has the governance frameworks and management processes it needs. Auditors review IT strategy, governance structures, organizational and HR structures, and relevant policies, and assess IT resource management, risk management practices, controls, key performance indicators (KPIs), and business continuity planning.

  3. Information Systems Acquisition, Development, and Implementation:

This domain covers how IT auditors verify that the acquisition, development, testing, and implementation of information systems align with organizational objectives. It involves assessing business cases for proposed investments, evaluating supplier selection and contract management, reviewing project management and system development methodologies (including the control implications of virtualization and cloud service provider (CSP) architectures), assessing readiness for implementation, and conducting post-implementation reviews to confirm that systems meet their intended goals.

  4. Information Systems Operations, Maintenance and Support:

This domain covers how IT auditors assess whether an organization's IT operations, maintenance, and support processes align with its objectives. It includes evaluating IT service management frameworks, reviewing system operations, assessing database management and data quality, examining incident and problem management, change and release management, end-user computing, and IT continuity, and reviewing disaster recovery plans and test results to confirm that systems can be recovered after a disruption.

  5. Protection of Information Assets:

This domain covers how IT auditors assess whether an organization's security policies, standards, and procedures effectively protect the confidentiality, integrity, and availability of its information assets. It involves evaluating information security and privacy controls, physical and environmental controls, system and logical access controls, data classification, and the overall information security program.