Certified Information Systems Auditor (CISA)

Course Preview

Information technology, long considered only an enabler of an organization’s strategy, is now regarded as an integral part of that strategy. Strategic alignment between information technology and enterprise objectives is one of the critical success factors. With the changing landscape concerning security, corporate governance, IT service delivery, and systems reliability, as well as regulatory requirements, the CISA course becomes vital for information technology line and senior managers.

The training molds information technology professionals into complete and competent individuals.


Course Duration


10 Days


Target Group

Business and information systems management, audit, control, and security professionals including the following:

  • Information systems professionals aspiring to build a career in information systems auditing
  • Internal and external auditors (both IT and financial) 
  • Information security professionals
  • Finance/CPA professionals
  • Risk management professionals
  • Security managers/analysts
  • Software Managers
  • Infrastructure/Network Managers


Course Objective

The main objective of the training is to provide a comprehensive understanding of Information Systems auditing. This course will equip participants with the knowledge and practical skills necessary to successfully perform a complete IS audit of an organization of any size.


Course Outline

  1. The Process of Auditing Information Systems

Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.

The auditing process covers IS auditing standards:

  • Risk-based approach
  • Controls
  • Audit objectives, planning and scope
  • COBIT
  • Field Work
  • Identifying conditions and defining reportable findings
  • Review of work
  • Audit Results Communication

  2. Governance and Management of IT

Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization’s strategy.

  • IT governance structure
  • IT organizational structure and HR management
  • Evaluating IT Strategies
  • Evaluating IT policies, standards & procedures
  • IT Resource Investment
  • Evaluating Risk-management, monitoring and assurance practices




  3. Information Systems Acquisition, Development and Implementation

Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives.

  • Evaluation approach and Project Management
  • Functional Requirements and Feasibility Analysis
  • System Design
  • System Development System
  • Acquisition, Implementation and Post-Implementation

  4. Information Systems Operations, Maintenance and Support

Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives.

  • Service Level Management
  • Evaluating Systems Software
  • Evaluating Hardware Acquisition and Installation
  • Evaluating network infrastructure (voice & data)
  • Evaluating change, configuration and release management
  • Capacity and Performance monitoring tools and techniques
  • Data Administration practices
  • Problem and Incident management practices

  5. Protection of Information Assets

This module discusses the organization’s security policies, standards, procedures and controls that ensure the confidentiality, integrity and availability of information assets.

  • Evaluate the information security and privacy policies, standards and procedures for completeness, alignment with generally accepted practices and compliance with applicable external requirements.
  • Evaluate the design, implementation, maintenance, monitoring and reporting of physical and environmental controls to determine whether information assets are adequately safeguarded.
  • Evaluate the design, implementation, maintenance, monitoring and reporting of system and logical security controls to verify the confidentiality, integrity and availability of information.
  • Evaluate the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization’s policies, standards, procedures and applicable external requirements.
  • Evaluate the processes and procedures used to store, retrieve, transport and dispose of assets to determine whether information assets are adequately safeguarded.
  • Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.



The instructor-led training is delivered using a combined learning approach and comprises presentations, practical sessions, and online tutorials. Our facilitators are seasoned industry experts with years of experience working as professionals and trainers in these fields.

All facilitation and course materials will be offered in English. The participants should be reasonably proficient in English.


Upon successful completion of this training, participants will be issued with a Profound Research Services (PRC) certificate certified by the National Industrial Training Authority (NITA).


The training will be held at PRC Training Centre. The course fee covers the course tuition, training materials, two break refreshments, and lunch.

All participants will additionally cater for travel expenses, visa application (where applicable), insurance, and other personal expenses.


Accommodation and airport pickup are arranged upon request. For reservations contact the Training Officer.

Mob: +254 74040112


This training can also be customized to suit the needs of your institution upon request. You can have it delivered at our PRC Training Centre or at a convenient location.

For further inquiries, please contact us on Tel: +254 74040112.


Payment should be transferred to the PRC account through the bank on or before C.O.B. 3rd May 2021.

Send proof of payment by email.


Please Note: The program content shown here is for guidance purposes only. Our continuous course improvement process may lead to changes in topics and course structure.



Event Properties

Event Date: 05-10-2021 8:00 am
Event End Date: 05-21-2021 1:00 pm
Cut off date: 05-03-2021
Individual Price: KSH 140,000.00
Location: Mombasa
We are no longer accepting registration for this event