CISA Introduction

Uploaded by

omarmuhtaseboo

www.isaca.org
ISACA – Information Systems Audit and Control Association

• ISACA is an independent, nonprofit, global association that engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.

• Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

• CISA – Certified Information Systems Auditor

• CISM – Certified Information Systems Manager

• CRISC – Certified in Risk and Information Systems Controls

• CGEIT – Certified in the Governance of Enterprise IT

This course provides a comprehensive approach for auditing information systems, including specific procedures and illustrative case studies useful for audit professionals.

• This course introduces the fundamental concepts of information systems (IS) auditing.

• This course focuses on multiple aspects of IS audit including IS control and assurance, COBIT, business continuity planning (BCP), protection of information assets, auditing the network infrastructure, physical access exposures and controls, and disaster recovery management.

• This course will help students understand different frameworks and standards related to IS auditing.

By the end of this course, you will be able to acquire the following knowledge:

1. Apply information systems auditor’s mindset
2. Describe risks and controls in organizations
3. Understand different auditing standards and guidelines

After studying this course, students will be ready to take ISACA’s CISA certification exam.

Domain 1 – The Process of IS Auditing
• Management of IS Audit Function
• ISACA IS Audit and Assurance Standards and Guidelines
• IS Controls
• Performing an IS Audit
• Communicating Audit Results
• Control Self Assessment
• The Evolving IS Audit

Domain 2 – Governance and Management of IT
• Corporate Governance
• Governance of Enterprise IT
• IS Strategy
• Maturity and Process Improvement Models
• IT Investment and Allocation Practices
• Policies and Procedures
• Risk Management
• IT Management Practice
• IT Organizational Structure and Responsibilities
• Auditing IT Governance Structure and Implementation
• Business Continuity Planning and its Auditing

Domain 3 – IS Acquisition, Development, Maintenance and Implementation
• Benefit Realization
• Project Management Structure
• Project Management Practice
• Business Application Development
• Virtualization and Cloud Computing Environment
• Business Application Systems
• Development Methods
• Infrastructure Development / Acquisition Practices
• IS Maintenance Practices
• System Development Tools and Productivity Aids
• Process Improvement Practices
• Application Controls
• Auditing System Development, Acquisition and Maintenance

Domain 4 – IS Operations, Maintenance and Service Management
• IS Operations
• IT Assets Management
• IS Hardware
• IS Architecture and Software
• IS Network Infrastructure
• Auditing Infrastructure and Operations
• Disaster Recovery Planning

Domain 5 – Protection of Information Assets
• Information Security Management
• Logical Access
• Network Infrastructure Security
• Auditing Information Security Management Framework
• Auditing Network Infrastructure Security
• Environmental Exposures and Controls
• Physical Access Exposures and Controls
• Mobile Computing
• Peer to Peer Computing
• IM
• Social Media
• Cloud Computing
• Data Leakage
• End User Computing Security Risk and Controls

Candidates for this exam typically have a minimum of five years of experience as
an information systems auditor or a similar combination of education and job
experience.

For more information about prerequisites:

http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/How-to-Become-Certified/Pages/default.aspx

By the end of this course, you will be able to:

• Understand the information systems (IS) audit process and Corporate Organizational Structure
• Comprehend IT Risk Management
• Identify IS Policies and Procedures
• Understand Strategy Planning for Organizational Control


Certification:

Upon successful completion of this course, students will be prepared to sit for the ISACA® Certified Information Systems Auditor (CISA) certification exam.

• ISACA’s CISA Review Manual – 27th Edition
• ISACA’s CISA Review Questions, Answers & Explanation Manual – 12th Edition
• ISACA’s Online Review Course

For more information, visit www.isaca.org/cisaprep


Domains   Name                                               % in CISA Exam
Domain 1  The Process of Auditing Information Systems        21 %
Domain 2  Governance and Management of IT                    16 %
Domain 3  IS Acquisition, Development and Implementation     18 %
Domain 4  IS Operations, Maintenance and Service Management  20 %
Domain 5  Protection of Information Assets                   25 %

• Technology Independent
• Industry Independent
• Focus is just on the auditing of information systems.
• Focus is on IT controls in any industry using any technology.


• Three times a year.

Exam Window 1: Check ISACA website

Exam Window 2: Check ISACA website

Exam Window 3: Check ISACA website

http://www.isaca.org/Certification/Pages/Exam-Registration.aspx

• 150 Questions
• Multiple Choice Questions
• 4 Hours Duration
• No Negative Marking
• Total Marks = 800
• Passing Marks = 450


How to earn your CISA?

http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Pages/default.aspx

For more information, download the “2018 CISA Exam Candidate Guide” from the following link.

http://www.isaca.org/Certification/Documents/Candidates-Guide-2018_exp_Eng_1117.PDF

• Confirms your knowledge and experience
• Quantifies and markets your expertise
• Demonstrates that you have gained and maintained the level of knowledge required to meet the dynamic challenges of a modern enterprise
• Is globally recognized as the mark of excellence for the IS audit professional
• Increases your value to your organization

• CISA Domain 1 – The Process of IT Auditing
