
Meet trainer Karen Mercer, a seasoned internal, external, compliance, and IT auditor with risk management and information security expertise, who shares practical guidance to pass the CISA Domain 1 exam.
Learn to pass the CISA exam by mastering managerial information security concepts, audit planning, risk management, documentation, and reporting, with emphasis on applying knowledge in the IT domain.
Review regulatory frameworks across industries, verify IT controls to protect patient privacy under HIPAA, and prepare for mandatory annual IT audits to reduce risk.
Treat every audit as a project by planning in assessment, considering project risk, allocating resources, determining the schedule, and executing with monitoring to correct deviations.
Use skill metrics to assemble audit team, manage outsourced experts, ensure independence and evidence quality, and assess internal controls—administrative, physical, technical—across preventive, detective, and corrective layers for defense in depth.
Learn how auditors prepare working papers, collect direct and indirect evidence, maintain chain of custody, and use sampling and audit tools to plan, test, and report findings.
Explain qualified and unqualified audit opinions and outline the audit report format, including findings, recommendations, scope, risk, and corrective action planning for stakeholders.
Explore continuous auditing as an automated, real-time review of risk controls and information technology systems; learn about siem, embedded hooks, snapshot audits, integrated testing, and control self-assessment.
Audit business process applications and assess risk factors in ATM and banking systems. Implement controls and define the auditor role, including physical security, reconciliation, custodians for PIN and card.
We have seen the prevalence of corporate data breaches increasing at an alarming rate. Facebook, Tik Tok, and Microsoft have all been hacked recently. All three of these breaches (and many more) resulted from misconfigured security or poor security standards. In other words: they were preventable. In fact, up to 93% of hacks are caused by negligence. For e.g, more attacks have been because of stolen credentials rather than customized malware. it is no wonder that enterprises are searching for experienced system auditors to neutralize possible threats to their systems.
CISA is the gold-standard certificate for IT auditors. Enterprise confidently hires those candidates who have CISA certification
This course is the first part of five-part video series where I will help you understand the First domain of the CISA syllabus which is
IS (Information Systems) Auditing Process
In the upcoming video series, we will cover other domains of the CISA Syllabus.
My job here is to make you understand all the concepts and ideas which will help you become a good IT auditor. Having said that, this course should not be treated as a substitute of CISA Review Manual. But, after taking this course, it will be very easy for you to understand the CISA Review Manual.
Most training courses found elsewhere usually focus on the technical aspect only. But you need to understand although you as an IT auditor need to examine the systems and infrastructure, your involvement does not stop there. As technology is playing a crucial part in business success these days, an IT audit is required to get involved in examining the impact of technology on business processes, where a major linkage between business risk and technology risk is becoming stronger. So in this course, I will help you to increase your understanding of the business process and other areas so that you can increase the quality of your work. My aim is not only to help you to pass the exam but also to guide you to apply this knowledge in real life.
My other objective in this course is to change your perspective. Many auditors focus too much on operational tasks, completely ignoring the overall business goals. You need to perform the consultative function for senior management and the
board of directors (BoD) advising them on mitigating information security risks in achieving organizational goals.
I have designed this course in such a way that it is suitable for all people from various backgrounds. You may be a non-auditor, with zero IT background, internal auditor, external auditor, IT consultant, project manager, or any cybersecurity professional. In any case, we will go through the basic concept of audits and their methodology and after that, we will go on building our foundation on that knowledge. I will provide you with relevant examples, personal experience, and other valuable resources that will help you to pass this certification.
So, are you ready to be the next IT auditor? Then, I hope to see you in this course.