Auditing modern information systems demands a deep understanding of governance, risk, and control frameworks. This course prepares participants to assess, monitor, and assure IT systems with confidence. They will explore audit processes, compliance standards, and security controls aligned to global best practices.
Learning Outcomes:
Understand IS audit principles and lifecycle
Evaluate governance and management of IT
Assess information systems acquisition and development
Review operations, maintenance, and support controls
Analyse IT risk and implement effective controls
Key Topics:
Information Systems Auditing Process
Governance and Management of IT
Information Systems Acquisition, Development, and Implementation
Information Systems Operations and Business Resilience
Protection of Information Assets
Certification preparation for the Certified Information Systems Auditor (CISA) certification exam
Exam Details
This course is designed to build participants’ understanding of key concepts and domains covered in the ISACA Certified Information Systems Auditor (CISA) certification.
The CISA exam evaluates participants across five key domains:
| Domain | Weightage |
|---|---|
| Domain 1 – Information Systems Auditing Process | 18% |
| Domain 2 – Governance and Management of IT | 18% |
| Domain 3 – Information Systems Acquisition, Development and Implementation | 12% |
| Domain 4 – Information Systems Operations and Business Resilience | 26% |
| Domain 5 – Protection of Information Assets | 26% |
To maximise success, participants are strongly encouraged to complement the course with additional self-study, revision of course materials, and dedicated practice before attempting the exam.
FUNDING INFORMATION
SkillsFuture Singapore (SSG)
Funding is available on Course Fee. Please see below for the eligibility categories available.
| Self-sponsored | Singapore Citizen & PR aged ≥ 21 years | Up to 50% funding |
| Singapore Citizen aged ≥ 40 years | Up to 70% funding | |
| Company Sponsored (Non-SME) | Singapore Citizen & PR aged ≥ 21 years | Up to 50% funding |
| Singapore Citizen aged ≥ 40 years | Up to 70% funding | |
| Company Sponsored (SME) | Singapore Citizen & PR aged ≥ 21 years | Up to 70% funding |
| Singapore Citizen aged ≥ 40 years | Up to 70% funding |
SSG Funding Requirements
- Trainees must scan their attendance twice daily using the SingPass application.
- Trainees must attain at least 75% attendance.
- Trainees must pass the in-house assessment to be eligible for funding.
- Trainee and/or sponsoring company is/are required to meet all SSG-mandated eligibility criteria and requirements for funding. For more information, please refer to SkillsFuture homepage.
Appeal Policy and Procedure
- As a candidate in this course assessment, you may appeal your results if you disagree with them.
- To do so, submit your written appeal request via email to esv_comat_cse@stengg.com within 3 working days from date of assessment.
Cancellation, Postponement and Refund Policy
- Request for cancellation or postponement must be submitted in writing more than 4 weeks before the class start date to avoid any charges.
- Written notice for cancellation or postponement received 2 to 4 weeks before class start date will incur Late Cancellation Charge - 50% of course fee.
- Written notice for cancellation or postponement received less than 2 weeks before class start date will incur Late Cancellation Charge - 100% of course fee.
- If payment has been made and ST Engineering e-Services Pte Ltd accepts the trainee's written notification to cancel or withdraw from the course, ST Engineering e-Services Pte Ltd will issue a refund, less any applicable Late Cancellation Charges.
Feedback Policy and Procedure
- You may submit feedback via email to esv_comat_cse@stengg.com or your servicing Account Manager.
- Any formal feedback will be handled within 10 working days from receipt with a written reply given. An interim reply will be provided should more time be required.
Domain 1: Information System Auditing Process
- Planning
- IS Audit Standards, Guidelines and Codes of Ethics
- Business Processes
- Types of Controls
- Risk-based Audit Planning
- Types of Audits and Assessments
- Execution
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of the Audit Process
Domain 2: Governance and Management of IT
- Planning
- IT-related Frameworks
- IT Standards, Policies and Procedures
- Organizational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations and Industry Standards Affecting the Organization
- IT Management
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
Domain 3: Information Systems Acquisitions, Development and Implementation
- Information Systems Acquisition and Development
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
- Information Systems Implementation
- Testing Methodologies
- Configuration and Release Management
- System Migration, Infrastructure Deployment and Data Conversion
- Post-implementation Review
Domain 4: IS Operations and Business Resilience
- Information Systems Operations
- Common Technology Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-user Computing
- Data Governance
- Systems Performance Management
- Problem and Incident Management
- Change, Configuration, Release and Patch Management
- IT Service Level Management
- Database Management
- Business Resilience
- Business Impact Analysis
- System Resiliency
- Data Backup, Storage and Restoration
- Business Continuity Plan
- Disaster Recovery Plans
Domain 5: Protection of Information Assets
- Information Asset Security and Control
- Information Asset Security Frameworks, Standards and Guidelines
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and End-point Security
- Data Classification
- Data Encryption and Encryption- related Techniques
- Public Key Infrastructure
- Web-based Communication Technologies
- Virtualized Environments
- Mobile, Wireless and Internet-of- things Devices
- Security Event Management
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics
.png?width=50&name=Artificial%20Intelligence%20(AI).png)
-1.png?width=360&name=Server%20(4)-1.png)
/AI%20(6)-1-1.png?width=360&name=AI%20(6)-1-1.png)
/AI%20(8)-1.png?width=360&name=AI%20(8)-1.png)
-1.png?width=360&name=Automation%20RPA%20(2)-1.png)
/AI%20(5)-1.png?width=360&name=AI%20(5)-1.png)
