Certified Information Systems Auditor CISA (Part 3 of 5): Acquisition and Implementation

Biz Library
Updated Jan 21, 2020

The focus of this course is on information systems acquisition, development and implementation. As a CISA candidate, you provide assurance for the acquisition of information systems. The tasks involved include evaluating business cases and project management practices and controls, conducting reviews to determine project progression, evaluating controls for information services during all phases, evaluating readiness for implementation and migration, and conducting post-implementation reviews. This course contains the following lessons:

Lesson 1:

  • Portfolio/Program Management
  • Program Management Objectives
  • Program Organization
  • Project Portfolio
  • Business Case Development and Approval
  • Business Case Development and Approval Continued
  • Benefits Realization Techniques.

Lesson 2:

  • Project Context and Organizational Forms
  • Influence Project Organization
  • Project Communication and Culture
  • Project Objectives
  • WBS and Work Packages
  • Audit Function
  • Roles and Responsibilities.

Lesson 3:

  • Project Charter
  • Project Planning
  • Example of Project Management for New Software
  • Software Size Estimation
  • Lines of Source Code
  • Function Point Analysis
  • Function Points
  • Cost Budgets
  • Software Cost Estimation and Scheduling
  • Gantt Charts
  • Time Box Management
  • General Project Management
  • Project Controlling
  • Management of Resource Usage
  • Inherent Project Risks
  • Management of Risk and Closing.

Lesson 4:

  • Business Application Development
  • Reduce Project Risk
  • Reduce Project Risk Continued
  • Traditional SDLC Approach
  • SDLC Phases
  • ERP Solutions
  • Description of SDLC Phases
  • Description of SDLC Phases Continued
  • Contents of an RFP
  • Designing an RFP
  • Choosing Vendors
  • Design Phase
  • Key Design Phase Activities
  • Auditor Involvement in Design Phase
  • Development Phase
  • Development Phase Documentation
  • Development Phase Continued
  • Debugging
  • Testing
  • IT Approaches to Testing
  • Final Testing
  • Certification and Accreditation
  • Other Types of Testing
  • Implementation Phase
  • Implementation Transition Phase
  • Establish Support Functions
  • Implementation Phase Continued
  • Risk Associated with Software Development.

Lesson 5:

  • Electronic Commerce
  • E-Commerce Architectures
  • E-Commerce Requirements
  • Components of PKI
  • Electronic Data Interchange
  • General Requirements of EDI
  • Web-Based EDI
  • Controls in EDI Environment
  • E-Mail
  • Security Standards for E-Mail
  • Standards for E-Mail Security Continued
  • Symmetric and Asymmetric Encryption
  • Point-of-Sale Systems and Electronic Banking
  • Ongoing Risk Assessment
  • Legal and Reputational Risk Management
  • Payment Systems and Electronic Checks Model
  • Electronic Transfer Model
  • EFT Security
  • Automated Teller Machines
  • Image Processing
  • Imaging System Controls
  • Business Intelligence
  • DSS Frameworks
  • CRM and SCM
  • Supply Chain Management.

Lesson 6:

  • Alternative Development Methods
  • Agile Development
  • Prototyping
  • Rapid Application Development.

Lesson 7:

  • Data- and Object-Oriented System Development
  • Object Creation
  • Component-Based Development
  • Web-Based Application Development
  • Software Reengineering.

Lesson 8:

  • Infrastructure Development and Acquisition
  • Review Existing Architecture
  • Project Phases of Physical Architecture Analysis
  • Planning Implementation
  • Planning Implementation Continued
  • Hardware Acquisition
  • Acquisition Steps
  • System Software Acquisition and Implementation
  • Change Control.

Lesson 9:

  • Change Authorization Methodology
  • Deploying Changes
  • Documentation
  • Testing and Auditing Changed Programs
  • Emergency Changes
  • Change Exposures
  • Configuration Management.

Lesson 10:

  • Code Generator
  • Computer Aided Software Engineering
  • Fourth-Generation Languages
  • Fourth-Generation Languages Continued.

Lesson 11:

  • Business Process Reengineering
  • Impact of Reengineering
  • Benchmarking Process
  • ISO 9126
  • Software Capability Maturity Model
  • ISO 15504.

Lesson 12:

  • Input Controls
  • Control Techniques
  • Processing Procedures and Controls
  • Processing Controls
  • Data File Control Procedures
  • Output Controls
  • Output Controls Continued
  • Business Process Control Assurance.

Lesson 13:

  • Auditing Application Controls
  • Risk Assessment Model
  • Observing and Testing User Performing Procedures
  • Data Integrity
  • Example of Referential and Relational Integrity
  • Data Integrity in Online Systems
  • Testing Application Control Effectiveness
  • Online Auditing Techniques.

Lesson 14:

  • Project Management
  • Feasibility Study and Requirements Definition
  • Software Acquisition Process
  • Detailed Design and Development
  • Testing
  • Implementation Phase
  • System Change Procedures.