This book will not teach you everything you need to know about auditing systems and controls, or even about an auditing standard or procedure. Nor is this book an introduction to computer technology. This book reviews what you need to know before you take the test, with its fundamental purpose dedicated to reviewing the information needed on the ISACA CISA certification exam. This book uses a variety of teaching and memorization techniques to analyze the exam-related topics and to provide you with everything you will need to know to pass the test. Again, it is not a comprehensive introduction to information systems and controls auditing.

About the Book

If you are preparing for the CISA exam for the first time, you should know that we have structured the topics in this book to correspond directly to the CISA exam objective content areas as published by ISACA. The topic areas for the exam often overlap in required understanding and can sometimes seem somewhat redundant. Topic areas often intertwine, which makes some redundancy unavoidable. Try not to let redundancy bother you; instead, let it reinforce the concept interdependencies you need to understand to pass the CISA exam.

We suggest that you read this book from front to back. You will not be wasting your time because nothing we have written is a guess about an unknown exam. We have had to explain certain underlying information on such a regular basis that we have included those explanations here.

After you have read the book, you can brush up on a certain area by using the index or the table of contents to go straight to the topics and questions you want to re-examine. We have tried to use the headings and subheadings to provide outline information about each given topic. After you have been certified, we think you will find this book useful as a tightly focused reference and an essential foundation of information systems and controls auditing.
Each Exam Cram 2 chapter follows a regular structure, along with graphical cues about especially important or useful material. The structure of a typical chapter is as follows:

Opening hotlists: Each chapter begins with lists of the terms you will need to understand and the concepts you will need to master before you can be fully conversant in the chapter's subject matter. We follow the hotlists with a few introductory paragraphs, setting the stage for the rest of the chapter.

Topical coverage: After the opening hotlists, each chapter covers the topics related to the chapter's subject.

Exam Alerts: Throughout the text, we highlight material most likely to appear on the exam by using a special Exam Alert that looks like this:

This is what an Exam Alert looks like. An Exam Alert stresses concepts, terms, or best practices that will most likely appear in one or more certification exam questions. For that reason, we think any information presented in an Exam Alert is worthy of unusual attentiveness on your part.

Even if material is not flagged as an Exam Alert, all the content in this book is associated in some way with test-related material. What appears in the chapter content is critical knowledge.

Notes: This book is an overall examination of information systems and controls auditing. As such, we dip into many aspects of systems auditing. Where a body of knowledge is deeper than the scope of the book, we use notes to indicate areas of concern.

Cramming for an exam will get you through a test, but it will not make you a competent information systems auditing professional. Although you can memorize just the facts you need to become certified, your daily work in the field will rapidly put you in water over your head if you do not know the underlying principles of systems auditing and IT governance.

Tips: We provide tips that will help you to build a better foundation of knowledge or to focus your attention on an important concept that reappears later in the book.
Tips provide a helpful way to remind you of the context surrounding a particular area of a topic under discussion.

An IS auditor's primary responsibility is to advise senior management of the risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function.

Practice questions: This section presents a short list of test questions related to the specific chapter topic. Following each question is an explanation of both correct and incorrect answers. The practice questions highlight the areas we found to be most important on the exam.

The bulk of the book follows this chapter structure, but we would like to point out a few other elements:

Glossary: This is an extensive glossary of important terms used in this book.

The Cram Sheet: This appears as a tear-away sheet inside the front cover of this Exam Cram 2 book. It is a valuable tool that represents a collection of the most difficult-to-remember facts and numbers we think you should memorize before taking the test. Remember, you can dump this information out of your head onto a piece of paper as soon as you enter the testing room. These are usually facts that we have found require brute-force memorization. You need to remember this information only long enough to write it down when you walk into the test room. Be advised that you will be asked to surrender all personal belongings other than pencils before you enter the exam room itself.

You might want to look at the Cram Sheet in your car or in the lobby of the testing center just before you walk into the testing center. The Cram Sheet is divided under headings, so you can review the appropriate parts just before each test.

The CD: The CD also contains the Certified Tech Trainers exam-simulation software. The included software provides an additional 200 practice questions in electronic format.
CTT's practice questions even include audiovisual mentored feedback for each question, to reteach you the information you need to correctly answer the question, or possibly just to teach you professional exam-taking shortcuts for answering difficult questions.

In addition to more practice questions with audio/video mentored feedback, the CD contains a short audiovisual presentation by one of this book's authors, Allen Keele. The presentation gives you a good orientation to "set the scene" for this book, the CISA certification, and the information systems auditing and security environment.