The Bare Metal Cyber CISA Audio Course is a comprehensive, exam-focused podcast designed to help you master every domain of the Certified Information Systems Auditor (CISA) certification. With over 100 tightly structured episodes, this prepcast walks you through key concepts, audit techniques, IT governance, system acquisition, operations, resilience, and information asset protection—all aligned to ISACA’s exam objectives. Whether you're just beginning your study journey or need a high-impact review before test day, this series delivers in-depth instruction, clear explanations, and strategic insights tailored for exam success.
Domain 4 shifts focus to the reliability and sustainability of IT operations. In this episode, you’ll gain an overview of operational controls, availability, service delivery, incident response, and …
Once a system is deployed, the work isn’t over—auditors still need to assess whether objectives were achieved. This episode teaches you how to conduct a post-implementation review, evaluate project o…
CISA candidates must understand the risks and controls involved in moving systems and data. This episode explains how to audit system migrations, infrastructure rollouts, and data conversion processe…
Poor configuration control can lead to outages, vulnerabilities, and audit findings. In this episode, we cover how to evaluate release planning, version control, rollback procedures, and configuratio…
Before a new system goes live, auditors must confirm that it’s ready for production. This episode explains how to evaluate readiness through testing, validation, and stakeholder approvals. You’ll lea…
Strong control design starts early in the system lifecycle. In this episode, you'll learn how auditors assess whether appropriate controls have been identified and designed during planning, developme…
Agile and DevOps are increasingly popular in IT development, and the CISA exam expects you to understand how to audit these environments. This episode explains how control requirements shift in itera…
Understanding the traditional software development lifecycle is essential for CISA candidates. This episode explains each phase of the waterfall model and the corresponding audit controls. You'll lea…
Before a project begins, auditors must evaluate whether it’s justified. This episode focuses on auditing business case development, feasibility assessments, and benefit realization. You'll learn how …
Project governance ensures IT initiatives deliver value and align with business goals. This episode covers how auditors evaluate project oversight, milestone tracking, risk management, and stakeholde…
Domain 3 focuses on the controls and governance involved in acquiring and implementing IT solutions. This episode provides a strategic overview of project governance, system development methodologies…
The CISA exam expects candidates to understand how IT quality is planned, implemented, and improved over time. This episode covers quality assurance policies, continuous improvement practices, metric…
Audit success depends on knowing how to evaluate IT performance. This episode explains how key performance indicators (KPIs) and reports are used to measure service delivery, support governance goals…
Managing third-party risk is a key topic on the CISA exam, and this episode dives into how to audit vendor selection, onboarding, performance evaluation, and contract compliance. You'll learn how to …
Resource management is foundational to IT governance, and the CISA exam tests your ability to evaluate how organizations allocate, monitor, and optimize people, hardware, software, and funding. This …
Data classification is a key input to effective security and compliance auditing. In this episode, you’ll learn how to evaluate classification policies, review labeling and access controls, and under…
Governance doesn’t stop at systems—it includes data. This episode explores how data is owned, classified, and controlled across the enterprise. You’ll learn how to evaluate governance roles, policies…
Data privacy is no longer optional—it’s a regulatory and reputational imperative. This episode covers privacy frameworks, laws, and controls auditors must assess during evaluations. You'll also learn…
Building on the last episode, we now focus on how ERM is implemented and assessed. Through audit-relevant examples, you’ll learn how to evaluate risk ownership, review program maturity, and assess do…
Enterprise Risk Management (ERM) is a key pillar of IT governance. This episode explains risk frameworks like COSO ERM and ISO 31000 and shows how auditors evaluate the structure, roles, and processe…