Preface
Practice Exams
Practice Exam 1
Practice Exam 2
Practice Exam 3
Practice Exam 4
Practice Exam 5
Practice Exam 6
Practice Exam 7
Practice Exam 8
Practice Exam 9
Practice Exam 10
Answers to Practice Exams
Practice Exam 1
Practice Exam 2
Practice Exam 3
Practice Exam 4
Practice Exam 5
Practice Exam 6
Practice Exam 7
Practice Exam 8
Practice Exam 9
Practice Exam 10
Preface
Exam Duration: 4 hours
Maximum Questions: 150, Multiple-Choice
Domains
1. Information System Auditing Process (21 %)
2. Governance and Management of IT (17 %)
3. Information Systems Acquisition, Development and Implementation (12 %)
4. Information Systems Operations and Business Resilience (23 %)
5. Protection of Information Assets (27 %)
Passing Score: 450 on a scale of 200 to 800 points
Domain I: Information System Auditing Process (21 %)
The objective of this domain is to ensure that the CISA candidate has the
knowledge necessary to provide audit services in accordance with IS audit
standards to assist the organization with protecting and controlling
information systems.
This area represents 21 percent of the CISA exam (approximately 32
questions).
TASK AND KNOWLEDGE STATEMENTS
TASKS
There are five tasks within the domain covering the process of auditing
information systems:
T1.1 Execute a risk-based IS audit strategy in compliance with IS audit
standards to ensure that key risk areas are audited.
T1.2 Plan specific audits to determine whether information systems are
protected, controlled and provide value to the organization.
T1.3 Conduct audits in accordance with IS audit standards to achieve
planned audit objectives.
T1.4 Communicate audit results and make recommendations to key
stakeholders through meetings and audit reports to promote change when
necessary.
T1.5 Conduct audit follow-ups to determine whether appropriate actions
have been taken by management in a timely manner.
KNOWLEDGE STATEMENTS
The CISA candidate must have a good understanding of each of the topics
or areas delineated by the knowledge statements. These statements are the
basis for the exam.
There are 11 knowledge statements within the domain covering the process
of auditing information systems:
K1.1 Knowledge of ISACA IS Audit and Assurance Standards, Guidelines,
and Tools and Techniques, Code of Professional Ethics and other applicable
standards