Prepare for the CISA exam with the ISACA Athens Chapter and ISACA Accredited Trainers
CISA is ranked among the top IT-related professional certifications in the world.
CISA stands for Certified Information Systems Auditor and is ISACA’s flagship professional certification for IT professionals who audit, control, monitor and assess information technology and business systems.
With more than 145,000 members in over 180 countries, ISACA™ is a globally recognized leader in IT governance, control and assurance. Since 1978, the Certified Information Systems Auditor (CISA®) program has been the globally accepted standard of achievement in the IS audit, control and security field. CISA now counts more than 151,000 certified professionals worldwide.
The CISA Prep Course
This is the official CISA Prep Course offered by the ISACA Athens Chapter in association with the Hellenic American Union. It is given by ISACA accredited trainers in accordance with ISACA’s Accredited Training Program launched in September 2017.
The CISA Prep course provides in-depth knowledge of the following five CISA domains, which are covered on the CISA exam.
- Information Systems Auditing Process
- Governance and Management of IT
- Information Systems Acquisition, Development and Implementation
- Information Systems Operations and Business Resilience
- Protection of Information Assets
This course is offered online (9 sessions) or in-class (4 days).
Special fees apply for ISACA members
CISA Prep course offers you the following:
- 24 hours with a thorough overview and key points of the 5 domain areas of the CISA Exam
- 6 extra hours for a mock exam delivered within 2 months after the end of the course to refresh your knowledge
- ISACA training material
- Post-training access to the instructor for advice and support
- Analysis of particular topics which are popular exam questions
- Practice on the “Philosophy” of the examinations’ questions and testing conditions
- Reference tools
- 24 CPEs
Following each section, you will work through a series of sample questions to give you a "feel" for the format and the types of questions you will encounter.
The instructor will provide you with many reference tools and study guides, together with the official ISACA training material.
CISA is an exam that tests experience, and experience cannot be taught. This course will give you specific guidelines for your study by providing an overview of the core knowledge bases included in the CISA examination ‘Common Body of Knowledge’.
Participants should continue to study the course materials and rehearse the sample questions after the course until the exam date.
To get the most out of this course, we recommend you acquire the CISA Review Manual from the ISACA bookstore, and read it at least once before attending this course.
The CISA certification is ideal for entry-level to mid-career professionals who are planning, executing and reporting on IT audit projects and tasks. Typical participants of this course are:
- IT Auditors, or experienced professionals working in audit projects
- IT managers
- Information Security professionals
- System Analysts
- IT consultants
- Experienced IT Professionals
CISA Certification pre-requisites
To certify with CISA, you must pass the CISA exam and also meet the following prerequisites:
A minimum of 5 years of experience in information systems auditing, control or security (as described in the CISA job practice areas), within the past 10 years from the date you submit your application. This experience must be in at least one CISA Job Practice Area. Substitutions and waivers may apply for up to 3 years of experience, as follows:
- 1 year of generic information systems experience or 1 year of non-IS auditing experience can be substituted for 1 year of experience
- A 2-year or 4-year university degree can be substituted for 1 or 2 years of experience respectively
- A master’s degree in information security or information technology from an ISACA accredited university can be substituted for 1 year of experience
Introduction to CISA: Approaching the CISA Examination
- Percentage of test questions and survey results
- Definition of content, tasks questions, model answers
Domain 1: The Process of Auditing Information Systems
- Develop and implement a risk-based IT audit strategy in compliance with IT audit standards to ensure that key areas are included.
- Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization.
- Conduct audits in accordance with IT audit standards to achieve planned audit objectives.
- Report audit findings and make recommendations to key stakeholders to communicate results and effect change when necessary.
- Conduct follow-ups or prepare status reports to ensure that appropriate actions have been taken by management in a timely manner.
Domain 2: Governance and Management of IT
- Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization’s strategies and objectives.
- Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization’s strategies and objectives.
- Evaluate the IT strategy, including the IT direction, and the processes for the strategy’s development, approval, implementation and maintenance for alignment with the organization’s strategies and objectives.
- Evaluate the organization’s IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements.
- Evaluate IT management and monitoring of controls (e.g., continuous monitoring, quality assurance [QA]) for compliance with the organization’s policies, standards and procedures.
- Evaluate IT resource investment, use and allocation practices, including prioritization criteria, for alignment with the organization’s strategies and objectives.
- Evaluate IT contracting strategies and policies, and contract management practices to determine whether they support the organization’s strategies and objectives.
- Evaluate risk management practices to determine whether the organization’s IT-related risks are properly managed.
- Evaluate monitoring and assurance practices to determine whether the board and executive management receive sufficient and timely information about IT performance.
- Evaluate the organization’s business continuity plan to determine the organization’s ability to continue essential business operations during the period of an IT disruption.
Domain 3: Information Systems Acquisition, Development and Implementation
- Evaluate the business case for proposed investments in information systems acquisition, development, maintenance and subsequent retirement to determine whether it meets business objectives.
- Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization.
- Conduct reviews to determine whether a project is progressing in accordance with project plans, is adequately supported by documentation and status reporting is accurate.
- Evaluate controls for information systems during the requirements, acquisition, development and testing phases for compliance with the organization’s policies, standards, procedures and applicable external requirements.
- Evaluate the readiness of information systems for implementation and migration into production to determine whether project deliverables, controls and the organization’s requirements are met.
- Conduct post-implementation reviews of systems to determine whether project deliverables, controls and the organization’s requirements are met.
Domain 4: Information Systems Operations and Business Resilience
- Conduct periodic reviews of information systems to determine whether they continue to meet the organization’s objectives.
- Evaluate service level management practices to determine whether the level of service from internal and external service providers is defined and managed.
- Evaluate third-party management practices to determine whether the levels of controls expected by the organization are being adhered to by the provider.
- Evaluate operations and end-user procedures to determine whether scheduled and non-scheduled processes are managed to completion.
- Evaluate the use of capacity and performance monitoring tools and techniques to determine whether IT services meet the organization’s objectives.
- Evaluate problem and incident management practices to determine whether incidents, problems or errors are recorded, analyzed and resolved in a timely manner.
- Evaluate change, configuration and release management practices to determine whether scheduled and nonscheduled changes made to the organization’s production environment are adequately controlled and documented.
- Evaluate the adequacy of backup and restore provisions to determine the availability of information required to resume processing.
- Evaluate the organization’s disaster recovery plan to determine whether it enables the recovery of IT processing capabilities in the event of a disaster.
Domain 5: Protection of Information Assets
- Evaluate the information security policies, standards and procedures for completeness and alignment with generally accepted practices.
- Evaluate the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information.
- Evaluate the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization’s policies, standards, procedures and applicable external requirements.
- Evaluate the design, implementation and monitoring of physical access and environmental controls to determine whether information assets are adequately safeguarded.
- Evaluate the processes and procedures used to store, retrieve, transport and dispose of information assets (e.g., backup media, offsite storage, hard copy/print data and softcopy media) to determine whether information assets are adequately safeguarded.
The Anatomy of a CISA Question
How CISA questions are written
The best approach to the CISA Exam
CISA Exam application & logistics
How difficult is the CISA exam? How long would it take to study?
CISA® is quite a challenging exam. CISA is a professional certification, therefore experience is critical. Experience can be a good judge, since you must have already been exposed to a lot of theory and processes, but it can also be a tricky advisor and lead you away from the “by the book” approach of ISACA. Therefore you need to study the theory and the CISA Review Manual hard and then practice with as many sample questions as you can.
We recommend that you dedicate at least 2 to 3 months after the CISA Prep Course and study 1 to 3 hours every day.
Are CISA Prep books included in the training?
No, our CISA Prep Course does not include CISA Training manuals. The course only includes the training material provided by ISACA to the Accredited Trainers and Accredited Training Courses. We recommend you acquire the following books and prep material directly from the ISACA Bookstore. Members get discounted prices. We also recommend you acquire e-books.
- CISA Review Manual eBook, 27th Edition
- CISA Review Questions, Answers & Explanations Manual 12th Edition e-Database
How is this course different from others?
This is an ISACA Accredited Course. It includes ISACA Training Material. The syllabus is designed according to ISACA standards and the trainers follow the ISACA training process.
The course also offers 27 CPEs. CPEs are not required for getting the CISA Certification. CPEs of this course cannot be used after you certify with CISA for maintaining the certification. However they can count for any other ISACA Certification you may already have.
You are in good hands: This course is offered by the ISACA Athens Chapter and the Hellenic American Union. ISACA Athens Chapter is designated by ISACA to offer high quality training and networking opportunities to its members, whereas the Hellenic American Union is a training leader offering a great variety of professional certification programs and professional development solutions for over 25 years.
How do I register?
We recommend you become an ISACA member and get the discounted registration fee of 550 Euros.
To become an ISACA member and register to our CISA prep course for the discounted fees, please proceed as follows:
1. Log in to the official ISACA web site.
2. Fill in the membership form, pay the annual registration fee and acquire your Membership ID Nr.
3. Call us at 210-3680064, or 210-3680907 and one of our representatives will give you a voucher number that will grant you the discounted fee of 550 Euros.
4. Log in to our web site.
5. Fill in the CISA Prep Registration form and in the check-out page fill in the Voucher Nr.
6. You may pay by credit card in 2 installments, or by bank deposit for the total amount (1 installment only).
Nikos has more than 20 years of experience in Information Systems Audit in the Financial Services Sector, with participation in over 200 IT audit engagements in National Bank of Greece and Eurobank. H ...
You can register, or have your employer register you up to one day before the start date of the program if there are still available places. Add the program to the shopping basket. The first time you place an order you need to register. For company registrations please check the box “I am booking on behalf of my company”. Then, you fill out your personal details and you select an invoice or receipt to be issued. Then you must pay the tuition fee. Payment is available by: a) debit, prepaid, or credit card (interest-free installments will be visible if available), b) Bank payment ID, that you can use to pay at the bank or via ebanking, or c) IRIS and direct debiting your bank account.
Please note that once you successfully place your order you will receive an automated confirmation message. This does not mean that your registration is complete. Your place is reserved once you pay the relevant tuition fee. When payment is visible, we will contact you to confirm your registration.
ISACA member fees 550 Euros - Please contact us at 210-3680064, or email@example.com to learn more about this discount offer.
Zoom is a web-based video conferencing tool, compatible with Mac, Windows, Linux, iOS, and Android, that allows users to meet and attend classes online. You can use Zoom from your PC or laptop, but also from your iPad or smartphone. You will have to download Zoom to one of your devices to be able to attend this program. We will send you a step-by-step guide once you register. If you use your PC or laptop you will also need a webcam, microphone, and speaker. Most computers have a microphone and speaker, but you can also use a headset with a microphone for better sound quality.
The seminar can be organized exclusively for your company, if there is a group of people who wish to attend. The content, dates, and schedule will be tailored to your employees' needs.
Get certified with CISA
Why certify with CISA
Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates your ability to manage vulnerabilities, ensure compliance and institute controls within the enterprise. The certification also assists employers in hiring auditors who are skilled in measuring and assessing IT controls by affirming that a candidate possesses a baseline set of auditing skills.
How to apply for CISA
One must first pass the CISA exam and then proceed with the CISA certification application which includes information on:
- At least 5 years of IS auditing, control or security experience (substitutions and waivers apply)
- Adherence to the Code of Professional Ethics
- Compliance with the CISA Continuing Professional Education Policy
Those who pass the test but do not have the required experience have up to 5 years to meet the experience requirements.
You apply online via the ISACA website at www.isaca.org.
You apply directly to ISACA. Only CISA candidates themselves can apply for the test and the certification. There are no corporate packages, nor can an employer apply on behalf of their employees.
You initially apply for the CISA exam, and if you pass you can continue with submitting your CISA application form with a non-refundable $50 application fee. After submitting your CISA application, you will receive your CISA certification within 3 to 4 weeks.
What are the eligibility criteria for taking the test
There are no eligibility criteria for taking the test. However in order to certify with CISA, you must first pass the test and then meet the CISA certification requirements.
The application form and the experience verification form are very straightforward. Either you check the boxes for the experience you have and verifiers back you up, or you don’t meet the requirements and take advantage of the next 5 years that ISACA allows you to gather experience.
How do I report my experience and who verifies this?
To qualify for CISA, you must have 5 years of information systems auditing, control, assurance or security experience within the past 10 years of the application submission date. This experience must be in at least one CISA Job Practice Area. This experience is independently verified in the Experience Verification Form by a supervisor, manager or client with whom you have worked. Verifiers fill out this form independently and return it to the candidate to include this in their certification application.
The CISA Exam Format
Domain 1 - The Process of Auditing Information Systems (21%)
Domain 2 - Governance and Management of IT (16%)
Domain 3 - Information Systems Acquisition, Development and Implementation (18%)
Domain 4 - Information Systems Operations and Business Resilience (20%)
Domain 5 - Protection of Information Assets (25%)
- 150 questions
- 4 hours to complete the exam
- Questions format: multiple-choice
- Passing mark: 450 out of 800 (the exam is graded on a scale of 200 to 800 points)
- Online exam availability at a Pearson-Vue Center
- Online exam availability from home (online proctoring)
- You may take the test anytime, anywhere
When can I take the test?
There are no specific exam dates. You can take the test online from anywhere, even from the comfort of your home, or you can take it in a designated computer lab. There is one designated lab in Athens and one in Thessaloniki. Contact us for more information.
How much does it cost?
The cost varies depending on whether you are an ISACA member or not. Members get better prices.
CISA fees, including training, break down as follows (these fees are indicative; please refer to www.isaca.org):
- CISA Exam fee: Members $575, Non-Members $760
- ISACA membership fee: $145 (+$30 ISACA Athens Chapter dues – optional)
- CISA Manual ebook: from $109
- CISA e-database questions: from $299
- CISA Certification application: $50 (non-refundable)
- ISACA Athens Chapter prep course: Members 550€, Non-members: 850€
To maintain your certification you must also pay a CISA certification maintenance fee of $85 every year.
I took the test and passed - how do I maintain the certification?
To renew your CISA certification you must attain 120 CPE hours every 3 years, with a minimum of 20 CPE hours per year. You must also pay a re-certification fee. See more at www.isaca.org.