1 – The Process of Auditing Information Systems
- ISACA Information Systems Auditing Standards and Guidelines
- Fundamental Business Processes
- Develop and Implement an Information Systems Audit Strategy
- Plan an Audit
- Conduct an Audit
- The Evidence Life Cycle
- Communicate Issues, Risks, and Audit Results
- Support the Implementation of Risk Management and Control Practices
2 – IT Governance and Management
- Evaluate the Effectiveness of IT Governance
- Evaluate the IT Organizational Structure and HR Management
- Evaluate the IT Strategy and Direction
- Evaluate IT Policies, Standards, and Procedures
- Evaluate the Effectiveness of Quality Management Systems
- Evaluate IT Management and Monitoring of Controls
- IT Resource Investment, Use, and Allocation Practices
- Evaluate IT Contracting Strategies and Policies
- Evaluate Risk Management Practices
- Performance Monitoring and Assurance Practices
- Evaluate the Organizations Business Continuity Plan
3 – Information Systems Acquisition, Development, and Implementation
- Evaluate the Business Case for Change
- Evaluate Project Management Frameworks and Governance Practices
- Development Life Cycle Management
- Perform Periodic Project Reviews
- Evaluate Control Mechanisms for Systems
- Evaluate Development and Testing Processes
- Evaluate Implementation Readiness
- Evaluate a System Migration
- Perform a Post-Implementation System Review
4 – Information Systems Operations, Maintenance, and Support
- Perform Periodic System Reviews
- Evaluate Service Level Management Practices
- Evaluate Third-Party Management Practices
- Evaluate Operations and End User Management Practices
- Evaluate the Maintenance Process
- Evaluate Data Administration Practices
- Evaluate the Use of Capacity and Performance Monitoring Methods
- Evaluate Change, Configuration, and Release Management Practices
- Evaluate Problem and Incident Management Practices
- Evaluate the Adequacy of Backup and Restore Provisions
5 – Protection of Information Assets
- Information Security Design
- Encryption Basics
- Evaluate the Functionality of the IT Infrastructure
- Evaluate Network Infrastructure Security
- Evaluate the Design, Implementation, and Monitoring of Logical Access Controls
- Risks and Controls of Virtualization
- Evaluate the Design, Implementation, and Monitoring of Data Classification Process
- Evaluate the Design, Implementation, and Monitoring of Physical Access Controls
- Evaluate the Design, Implementation, and Monitoring of Environmental Controls
