Join Michael Lester for an in-depth discussion in this video What you should know, part of CISA Cert Prep: 1 Auditing Information Systems for IS Auditors.
- [Narrator] Alright, let's talk about what you should know to actually take this course. So, who is this course for? Well, anyone performing audits on information systems would be a pretty good candidate for an auditing information systems course, I would think. IT professionals who work for organizations that have internal audits, if you have an internal audit team, they come around, they give you audits, this is a good course for you. Any professionals who work for organizations that are regulated, you have some governing regulated body and you have to go through routine audits for that, this is a good course. Any professionals who work for organizations that must comply with standards, like PCID assess, or any other standards like NIST, this is a good course for you.
Any IT professionals involved in security. Now, there's a lot of security related topics in information systems auditing, particularly when we start talking about controls and auditing and testing those controls, this is a good course. And then finally, any executives or managers of business units that might have audits, or that might need to be audited, you want to understand some of the risks, and some of the challenges involved, and some of the processes involved. So, things you should know. You should have some basic understanding of organizational concepts, like what a policy is, what a procedure is, what a standard is, what a guideline is.
If you don't know the difference between a policy and a procedure, for example, go Google it and take a look, and get some information, re-up on that before you take this course, so you at least understand the lingo. You should have some idea of organizational structures. You should have some idea what an ORG chart is for example. You should understand how organizations could be functionally distributed, or divided by divisions, or what a flat hierarchy looks like, if there is a flatarchy, we sometimes refer to those as flatarchies. Those are the kinds of things you should know before you take this course, so you understand the lingo and how an audit might stretch across and be involved in business processes, and an entire enterprise.
- Managing an IS audit
- Regulatory drivers
- IS controls
- Performing an IS audit
- Communicating audit results
- Evolving the audit process
- Continuous auditing