CISA: Certified Information Systems Auditor

WEBVTT Welcome and thanks for joining us for this overview for the Certified Information Systems Auditor course. I'm Sophie Goodwin, I'm an edutainer here. You may recognize me from other cybersecurity focused courses here at ACI Learning. You'll see me in the position of learner advocate and some of the episodes for this course, and you'll also see some other edutainers in that role as well. What that means is we'll be asking questions along the way that you might have at home and we'll be learning right alongside you. And of course, our subject matter expert for this course, to my, I guess that would be my left or my right, depending on how you're watching this, would be Chris Ward. So Chris, could you tell us a little bit about yourself? Thanks, Sophie. Yeah, I am going to be your leader through these episodes that we come up with in the Certified Information Systems Auditor certification course, which is produced by ISACA. I am a C-RISC and CISA certified individual as well as a PMP, Project Management Professional, as well as an Agile Certified Professional, ITIL-4 Master, and working a lot in the areas of enterprise governance and IT service management. And so that's kind of what I bring to the table. I've been doing this for 20 plus years in the realm of IT and excited to be here. Sophie, to talk about how we can help people get CISA certified. If you're here watching this overview, chances are you probably are looking to take that CISA exam or maybe you're just looking to expand your knowledge a little bit. So for those watching that aren't familiar with the objectives that go with this exam, could you tell us a little bit more about what we're going to learn in this course? Well, the good news is, Sophie, that we can obviously point you to making sure you go to ISACA.org. When you go there, you can look up the CISA certification as well as some of the objectives. Now, the good news is, is that we're going to follow those objectives. We want to make sure that we point out the information that ISACA expects you to understand to be certified. Now, also remember, though, in order to become a certified information systems auditor, you will need to have five years experience doing I.S. auditing and or in areas like risk management and risk analysis and also other areas of audit. You can bring that to the table. But we're going to follow pretty closely to what the expectations are. We're going to talk a little bit about the guidelines, the practices, the methods. We're going to be talking about, you know, how do we protect our information systems assets and how do we handle things like business continuity? How are you able to put disaster recovery plans in place? And then how do we step in as the auditor to make sure that whatever controls are in place, that they are adequate and that they are being followed according to the policies and they're being done well, as we would say. And so we're going to be having a lot of fun doing that. We got a lot of content to cover. And you will also see that I'm not just doing this to, you know, tell you, OK, here's a particular type of question you're going to get in the exam. Number one, I'm not going to do that. But number two is I will point out certain areas that, hey, if you are planning on taking the exam, maybe some of you are just wanting to learn, like Sophie says, a little bit more about certified information systems auditing. Well, OK, that's great. But if you are going to take the exam, we will point out some things that you should know, or at least you want to make sure that you look into even more. So there are some resources available. Make sure that you download those as well as copies of some notes that will be of great assistance to you, Sophie, as you take this course. And then lastly, I know you already kind of touched on it by talking about how you'll need that five years experience. And in the world of audit, if you are looking to become a certified information systems auditor. But aside from that, is there any other prerequisite knowledge other than what we've already talked about that people should bring to the table before they jump into this course? Yeah, I mean, definitely if you can, if you've had the experience in maybe other areas of auditing, maybe financial auditing or other things like that, working governance, if you work in risk, bringing that to the table is going to definitely help you understand these things. Also, if you do have some sort of information systems background or I.T. background that also will give you a little bit more assistance because we will be giving certain terms that you are expected to know. You know, you do need to understand about network operations. You need to understand things like server infrastructure and architecture. You do need to know some of those things. Now, we will give you some overviews of those. We will give you certain definitions that are important for you. But bringing that experience to the table is going to make this a much better course. All right. Well, it's good to know for myself as a learner advocate, as well as those watching this overview, some of the things that they might need to know before jumping into this course. Other than that, I think that's going to do it for this overview. And I know you know a little bit more about me, about Chris and about some of the material we're going to be talking about. So thanks for joining us for this overview and we'll see you in the course.