CISA Exam Structure
The exam focuses on 5 domains:
1️⃣ Information System Auditing Process (≈ 21%)
Audit planning and scoping
Risk analysis
Audit execution
Reporting and follow-up
2️⃣ Governance and Management of IT (≈ 17%)
IT governance principles
Strategic planning
Policy development
Resource and risk management
3️⃣ Information System Acquisition, Development, and Implementation (≈ 12%)
Project management
System development life cycle (SDLC)
Controls in system acquisition and implementation
4️⃣ Information Systems Operations and Business Resilience (≈ 23%)
IT operations
Service management
Performance monitoring
Incident response
Business continuity and disaster recovery
5️⃣ Protection of Information Assets (≈ 27%)
Access controls
Security policies and procedures
Network and data security
Physical and environmental controls