Domain 1

First, read one domain from the CISA Review Manual and answer all corresponding questions from the Q&A CD until you can answer them correctly. As you do so, flag important pages in the manual with post-it notes. CISA Domain 1 covers the process of auditing information systems. The 7 key areas to understand are: 1) managing the IS audit function, 2) ISACA standards and guidelines, 3) risk analysis, 4) internal controls, 5) performing an IS audit, 6) control self-assessment, and 7) the evolving IS audit process. Domain 1 provides the basic fundamentals needed to understand the CISA certification, so it is important to grasp these concepts.

Uploaded by thepsalmist

First, get a copy of the CISA Review Manual and a copy of the Q&A CD.

Second, read one domain, then answer all the questions on the Q&A CD for that domain until you can answer every one correctly. As you answer the questions, look in the Review Manual for that domain for the supporting material and put a post-it flag on the page.

CISA – Domain 1 – The Process of Auditing Information Systems

There are 7 areas that you need to understand in Domain 1.

1)      Management of the IS Audit Function

• Need to know about the audit charter and what it contains.
• Need to know the steps to perform audit planning. In the CISA Review Manual on page 34, look at Exhibit 1.2 and commit those steps to memory.
• Take an ink pen and write on your hand “Gain an understanding of the business’s mission, objectives, purpose and processes.” IMPORTANT: this shows up in about 3-4 questions on the exam.
• Read through the section on “Effect of Laws and Regulations on IS Audit Planning”, paying particular attention to the Basel II Accord on page 35.

2)     ISACA IT Audit and Assurance Standards and Guidelines

• Memorize S1, S2, S4, S9, and S10. Standards S12 through S16 are recent additions to CISA, and you should be closely acquainted with S12, S13 and S14.
• Memorize G5, G10, G18, and G19. Guidelines G41 and G42 are recent additions to CISA, and ROSI is receiving a lot of press, so be familiar with the concept of Return on Security Investment and how to calculate it. For example, let’s say you spend $500,000 on anti-virus software for your enterprise and your boss wants justification for why he/she should continue to spend that kind of money when there haven’t been any virus infections in the last year. You respond with, “You’re absolutely right, there haven’t been any virus infections in the last year. However, two years ago when we did have a virus infection it cost the company $15,000 in additional overtime to clean up after the virus infection. Our incident response team says we’re blocking about 500 to 700 viruses a day, so if we say just 1 virus a day gets through and multiply it by the $15,000 cost to recover, that comes out to about $5.4 million in overtime savings alone.” I think your boss will be impressed with your ROSI.
• Memorize P2, P5, P7, and P10.
• You should have an understanding of ITAF (Information Technology Assurance Framework), particularly section 3000 on IT Assurance Guidelines.
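
The ROSI argument above can be run through the standard annualized loss expectancy model (ALE = SLE × ARO), which is how the figure is usually justified on the exam and to management. The following is an added example, not code from the study guide or from ISACA. It takes the guide's figures ($500,000 anti-virus spend, $15,000 overtime per infection, one infection a day if none were blocked) and adds a break-even helper, which is an assumption of this example rather than something the guide states.

```python
"""Worked ROSI (Return on Security Investment) calculation.

Added example; it is not from the study guide or from ISACA. It uses the
figures the guide gives ($500,000 anti-virus spend, $15,000 clean-up cost
per infection, 365 infections/year if one per day got through) and the
standard ALE = SLE x ARO model. The break-even helper is an addition.
"""
import math


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO.

    sle: single loss expectancy, the cost of one incident.
    aro: annual rate of occurrence, how many incidents happen per year.
    """
    return sle * aro


def rosi(ale_without_control: float, ale_with_control: float,
         control_cost: float) -> float:
    """ROSI = (loss avoided - cost of the control) / cost of the control.

    Loss avoided is the ALE without the control minus the ALE that remains
    with it. A result of 1.0 means the control returns 100% over its cost;
    a negative result means it costs more than the loss it prevents.
    """
    if control_cost <= 0:
        raise ValueError("control cost must be positive")
    avoided = ale_without_control - ale_with_control
    return (avoided - control_cost) / control_cost


def breakeven_incidents_per_year(control_cost: float, sle: float) -> int:
    """Smallest number of incidents per year the control must prevent for the
    avoided loss to cover its cost (assumption added here, not in the guide)."""
    if sle <= 0:
        raise ValueError("single loss expectancy must be positive")
    return math.ceil(control_cost / sle)


def anti_virus_case() -> dict:
    """The guide's anti-virus scenario run through the model above."""
    sle = 15_000.0            # guide: $15,000 overtime to clean up one infection
    aro_without = 365         # guide: assume just 1 infection a day gets through
    aro_with = 0              # guide: no infections in the last year with AV in place
    control_cost = 500_000.0  # guide: annual anti-virus spend

    ale_without = annualized_loss_expectancy(sle, aro_without)
    ale_with = annualized_loss_expectancy(sle, aro_with)
    return {
        "ale_without_control": ale_without,   # 5,475,000 (guide rounds to "about $5.4 million")
        "ale_with_control": ale_with,         # 0
        "loss_avoided": ale_without - ale_with,
        "rosi": rosi(ale_without, ale_with, control_cost),  # 9.95, i.e. 995%
        "breakeven_incidents": breakeven_incidents_per_year(control_cost, sle),  # 34
    }


if __name__ == "__main__":
    for name, value in anti_virus_case().items():
        if isinstance(value, float):
            print(f"{name}: {value:,.2f}")
        else:
            print(f"{name}: {value}")
```

The break-even figure is the number worth remembering when the assumptions get challenged: at $15,000 per clean-up the anti-virus spend pays for itself once it stops 34 infections in a year, so the argument does not depend on the full "one a day" estimate holding.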

3)     Risk Analysis

• Know the definition of risk.
• Know the remediation methods (Accept, Mitigate, Transfer, Avoid).

4)     Internal Controls

• Know the difference between Preventive, Detective, and Corrective controls.
• Understand how CobiT fits into ISACA’s idea of supporting IT governance and management.
• Understand the difference between IT control objectives and internal control objectives.

5)     Performing an IS Audit

• Know the definitions of Auditing and IS Auditing – they’re different.
• Know the different types of audits; read the sections on integrated audits and forensic audits closely.
• Know the different phases of an audit; in other words, memorize Exhibit 1.5 on page 53.
• Understand the concept of risk-based auditing, including inherent, control, and detection risks.
• Be able to give examples of both compliance testing and substantive testing.
• Sampling is a section in the Review Manual that you just have to memorize, that’s it: memorize page 60 of the CISA manual.
6)     Control Self-Assessment

• Your role is as a facilitator.

7)     The Evolving IS Audit Process

• Integrated auditing means you work with the financial auditor on an audit which is based on RISK.
• Understand the difference between continuous monitoring and continuous auditing.

The first domain is a basis for understanding the whole area of Certified Information Systems Auditor, and without a grasp of the basic fundamentals you cannot be successful in the other domains.
