Certified Information Systems Auditor CISA (Part 2 of 5): Governance and Management of IT

The goal of this course is to address why IT governance is necessary. An IS auditor has to understand and provide assurance to achieve corporate governance for IT and possess the knowledge for evaluating control practices and mechanisms. 11 tasks will be covered several of which include evaluating effectiveness of IT structure and also human Resources management. This course contains the following lessons:

Lesson 1:

• Corporate Governance
• Corporate Governance Framework and Goal
• IT Governance.

Lesson 2:

• IT Monitoring and Assurance for Senior Management
• IT Monitoring and Assurance Continued
• Best Practices for IT Governance
• Importance of IT Governance
• Focus Areas
• Best Practices Continued
• IT Governance Frameworks
• Audit Role in IT Governance
• Defining an Audit and Things to Assess
• IT Strategy Committee
• IT Balanced Scorecard
• BSC Mission
• IS Governance
• IS Governance Continued
• Information Protection
• Information Security Risks
• Importance of IS Governance
• Outcomes of Security Governance
• Effective Information Security Governance
• Roles and Responsibilities of Senior Management
• Effective Security Governance
• Enterprise Architecture.

Lesson 3:

• Strategic Planning
• Strategic Planning Continued
• Steering Committee
• Maturity and Process Improvement Models.

Lesson 4:

• IT Investment and Allocation Practices
• Portfolio and Investment Management
• Implement IT Portfolio Management
• IT Portfolio Management vs. Balanced Scorecard.

Lesson 5:

• Policies
• Policies Continued
• Policy Reviews
• Information Security Policy
• Policy Document
• Policy Document Subdivisions
• Acceptable Use Policy
• Reviewing the Information Security Policy
• IS Auditory Policy Tasks
• Procedures
• Procedures Continued.

Lesson 6:

• Risk Management
• Develop Risk Management Program
• Risk Management Process
• Identify Vulnerable Assets
• Assess Threats and Vulnerabilities
• Impacts
• Evaluate Controls
• Levels of Risk Management
• Risk Analysis Methods
• Qualitative Analysis
• Quantitative Analysis
• Business Impact Analysis
• Risk Analysis Methods Continued.

Lesson 7:

• Human Resource Management
• Hiring
• Hiring Practices
• What to Look At
• Sourcing Practices
• Sourcing Policies
• Outsourcing Practices
• Outsourcing Considerations
• Worldwide Practices and Strategies
• Options for Auditing a Third Party
• Governance and Outsourcing
• Outsourcing as Strategic Resource
• Outsourcing Monitoring and Review
• Service Improvement Expectations
• Organizational Change Management
• Financial Management Practices
• Quality Management
• Documenting Quality Management
• Gap Analysis
• Performance Optimization
• Information Security Management
• Performance Measurements.

Lesson 8:

• Is Roles and Responsibilities
• IS Roles and Responsibilities Continued
• More IS Roles and Responsibilities
• Segregation of Duties
• Custody of Assets
• Other Things to Separate
• Compensating Controls. Lesson 9:
• Reviewing Documentation
• Reviewing Documentation Continued
• Contractual Commitments.

Lesson 10:

• Business Continuity Planning
• Disaster Recovery Plan
• IS Business Continuity Planning
• Disasters and Other Disruptive Events
• Business Continuity Strategies
• Business Continuity Planning Process
• Business Continuity Policy
• Business Impact Analysis
• Business Impact Analysis Strategies
• Classification of Operations
• Development of Business Continuity Plans
• Other Issues and Plan Development
• Components of a BCP
• Components of a BCP Continued
• Testing the BCP
• BCP Testing Continued
• BCP Maintenance
• Summary of BCP.