The CISA course objectives are to:

  • Understand the methodology, phases and activities required to plan, assess risk, conduct an audit and communicate the audit progress, findings and recommendations
  • Understand the methodology and activities required for IT Strategy Alignment, IT Organisational Structure, Implementation and Management of IT Policies, and Policy and Practices Compliance with regulatory and legislative requirements, and gain the knowledge to evaluate their effectiveness
  • Understand the definitions, methodology and activities required for the systems development life cycle and systems implementation, and gain the knowledge required to evaluate their effectiveness
  • Understand the definitions, methodology and phases involved in Business Continuity and IT Service Operations
  • Understand the components of Physical Security, Logical Access Security, Data Classification, Data Life Cycle, Security Controls, Threat and Vulnerability Assessment, Security Testing, Security Operations and the Security Incident Process, and evaluate their effectiveness

The course is prepared and delivered based on content from the ISACA CISA (Certified Information Systems Auditor) Review Manual, 27th edition. The course covers five (5) domains: Information System Auditing Process; Governance and Management of IT; Information Systems Acquisition, Development and Implementation; Information Systems Operation and Business Resilience; and Protection of Information Assets. The course goal is for the participant to gain the knowledge to prepare for and take the ISACA CRISC Exam, as well as to help them participate in and contribute to managing the risks faced by their organisation.

The course is conducted over 4 days. The content is organised into five domains, and the topics covered in each domain are shown below:

Domain 1 – Information System Auditing Process

  • Planning
    • IS Audit Standards, Guidelines, and Codes of Ethics
    • Business Processes
    • Types of Controls
    • Risk-Based Audit Planning
    • Types of Audits and Assessments
  • Execution
    • Audit Project Management
    • Sampling Methodology
    • Audit Evidence Collection Techniques
    • Data Analytics
    • Reporting and Communication Techniques
    • Quality Assurance and Improvement of the Audit Process


Domain 2 – Governance and Management of IT 

  • IT Governance
    • IT Governance and IT Strategy
    • IT-Related Frameworks
    • IT Standards, Policies, and Procedures
    • Organizational Structure
    • Enterprise Architecture
    • Enterprise Risk Management
    • Maturity Models
    • Laws, Regulations, and Industry Standards affecting the Organization
  • IT Management
    • IT Resource Management
    • IT Service Provider Acquisition and Management
    • IT Performance Monitoring and Reporting
    • Quality Assurance and Quality Management of IT

Domain 3 – Information Systems Acquisition, Development and Implementation

  • Information Systems Acquisition and Development
    • Project Governance and Management
    • Business Case and Feasibility Analysis
    • System Development Methodologies
    • Control Identification and Design
  • Information Systems Implementation
    • Testing Methodologies
    • Configuration and Release Management
    • System Migration, Infrastructure Deployment, and Data Conversion
    • Post-implementation Review

Domain 4 – Information Systems Operation and Business Resilience 

  • Information Systems Operations
    • Common Technology Components
    • IT Asset Management
    • Job Scheduling and Production Process Automation
    • System Interfaces
    • End-User Computing
    • Data Governance
    • Systems Performance Management
    • Problem and Incident Management
    • Change, Configuration, Release, and Patch Management
    • IT Service Level Management
    • Database Management
  • Business Resilience
    • Business Impact Analysis (BIA)
    • System Resiliency
    • Data Backup, Storage, and Restoration
    • Business Continuity Plan (BCP)
    • Disaster Recovery Plans (DRP)

Domain 5 – Protection of Information Assets 

  • Information Asset Security and Control
    • Information Asset Security Frameworks, Standards, and Guidelines
    • Privacy Principles
    • Physical Access and Environmental Controls
    • Identity and Access Management
    • Network and End-Point Security
    • Data Classification
    • Data Encryption and Encryption-Related Techniques
    • Public Key Infrastructure (PKI)
    • Web-Based Communication Techniques
    • Virtualized Environments
    • Mobile, Wireless, and Internet-of-Things (IoT) Devices
  • Security Event Management
    • Security Awareness Training and Programs
    • Information System Attack Methods and Techniques
    • Security Testing Tools and Techniques
    • Security Monitoring Tools and Techniques
    • Incident Response Management
    • Evidence Collection and Forensics

The CISA course is aimed at working Information Systems Audit professionals with at least five years of on-the-ground experience. IT professionals who have duties similar to those of internal IT auditors will also find this course crucial to performing their roles well.

A minimum of 5 years of professional information systems auditing, control or security work experience (as described in the CISA job practice areas) is required for certification. Substitutions and waivers of such experience, to a maximum of 3 years, may be obtained as follows:

  • A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience.
  • 60 to 120 completed university semester credit hours (the equivalent of a 2-year or 4-year degree), not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
  • A bachelor’s or master’s degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience. To view a list of these schools, please visit This option cannot be used if 3 years of experience substitution and educational waiver have already been claimed.
  • A master’s degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
  • Exception: 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for 1 year of experience.

As an example, at a minimum (assuming a 2-year waiver of experience by substituting 120 university credits), an applicant must have 3 years of actual work experience. This experience can be completed by:

  • 3 years of IS audit, control, assurance or security experience
  • 2 years of IS audit, control, assurance or security experience and 1 full year of non-IS audit or IS experience, or 2 years as a full-time university instructor.




Duration: 4 Days

Course Fee

  • Course Fee w/o GST: $1,750.00
  • Course Fee w. GST: $1,890.00
  • SME (Company Sponsored) – All Singaporean and Permanent Resident Employee: $665.00
  • Singapore Citizens aged 40 years old and above: $665.00
  • Singapore Citizen and Permanent Resident aged 21 years old and above: $1,015.00

Exam Fee

  • Please contact us for more information @ 6635 5590

Post-Secondary Education Account (PSEA)

All Singaporeans below 31 years old are entitled to utilise their PSEA account for this course.
Participants may also opt to utilise their sibling's PSEA account balance (if there is insufficient balance in their own account).
