CISA Certified Information Systems Auditor Study Guide

David L. Cannon, Timothy S. Bergmann, Brady Pamplin

ISBN: 978-0-782-14438-3

May 2006

480 pages


Demand for qualified and certified information systems (IS) auditors has increased dramatically since the adoption of the Sarbanes-Oxley Act in 2002. Now you can prepare for CISA certification, the one certification designed specifically for IS auditors, and improve your job skills with this valuable book. Not only will you get the valuable preparation you need for the CISA exam, you'll also find practical information to prepare you for the real world. This invaluable guide contains:

Authoritative coverage of all CISA exam objectives, including:

  • The IS Audit Process.
  • IT Governance.
  • Systems and Infrastructure Lifecycle Management.
  • IT Service Delivery and Support.
  • Protection of Information Assets.
  • Disaster Recovery and Business Continuity.

Practical information that will prepare you for the real world such as:

  • Secrets of successful auditing.
  • Government regulations at a glance.
  • Incident handling checklist.
  • Scenarios providing insight into professional audit systems and controls.

Additional exam and career preparation tools such as:

  • Challenging chapter review questions.
  • A glossary of terms.
  • Tips on preparing for exam day.
  • Information on related certifications.

A free CD-ROM with:

  • Advanced testing software with challenging chapter review questions plus bonus practice exams so you can test your knowledge.
  • Flashcards that run on your PC, Pocket PC, or Palm handheld.
  • The entire book in searchable and printable PDF.

Assessment Test.

Chapter 1: Secrets of a Successful IS Auditor.

Chapter 2: Audit Process.

Chapter 3: IT Governance.

Chapter 4: Networking Technology.

Chapter 5: Life Cycle Management.

Chapter 6: IT Service Delivery.

Chapter 7: Information Asset Protection.

Chapter 8: Disaster Recovery and Business Continuity.



Chapter 5, Page 211: Error in Figure 5.4 Six phases of SDLC
Phase 4 under Buy should read Configuration
Phase 4 under Build should read Development

Chapter 4, Page 191: Text error: Chapter 4 Review Question no. 6
The correct answer (as given on pg. 195) is B. But B. is misprinted.
Option B. should read:
B. Physical, Data-Link, Network, Transport, Session, Presentation, Application.

Introduction, Page xxvii: Text Correction
Line 9:
...of formal PMI training and 1,500 hours... should read
...of formal PMI training or 1,500 hours...

Chapter 1, Page 8: Text Correction
4th bullet point: Statement on Auditing Standards (SAS), standards 1 through 101... should read
Statement on Auditing Standards (SAS), standards 1 through 114...

Chapter 1, Page 9: Omission in ISACA IS Audit Standards
S11 Use of Risk Analysis in Audit Planning
Add a second sentence: Risk planning is used to determine if audit is possible, our level of competency to conduct the audit, and plan for the maximum return on investment when designing specific audits.

Chapter 1, Page 10: Error in Figure 1.2
Bottom row, far right column, last bullet point: Other automated controlsSampleof
delete Sampleof

Chapter 2, Page 53 (Date: 6/21/07): Misspelled word in Figure 2.2
Under Knowledge of business, 3rd line: Reproting should be Reporting

Chapter 2, Page 56: Text correction, Figure 2.3
5th row, 1st column, line 3: List of nonbusiness should read
List of non-business expenses

Chapter 2, Page 70 (Date: 6/21/07): Error in figure 2.4
An arrow is missing which should point from Presentation back to Postanalysis Preservation Storage

Chapter 2, Page 81: Two text corrections under "Exam Essentials"
Paragraph 3, Be familiar with how to plan for specific audits.
3rd sentence: The auditor will be to identify... should read
The auditor will need to identify...

Paragraph 5, Be familiar with IS control objectives and performing control assessment
last sentence: The IS auditors responsible... should read
The IS auditor is responsible...

Chapter 3, Page 105: Text Correction
Under Performance Review, line 6:
A score of zero indicate nothing... should read
A score of zero indicates nothing...

Chapter 3, Page 107: Two text corrections under "Risk Management"
line 2:
Now let's look one... should read Now let's look at one...

line 4 should read:
The first step in risk management is to calculate how much a single loss event (SLE) would cost.

Chapter 3, Page 109: Text Correction
Under Information Security Risk, 3rd sentence:

News articles discuss the government organizations from competing countries attempt to bring the technology to native organizations that are residents of their country.

should read

News articles discuss government agencies from competing countries conspiring to bring new technology to native organizations that are residents in their country.

Chapter 3, Page 114: Text Correction
Under Managing outsourcing, last sentence:
Besides the control issue, and an excellent idea to implement...

should read

Besides the control issue, an excellent idea is to implement...