CISA考纲中英文对照

SITC学习交流资料，仅供参考。CISA专业信息来自考试大纲（中英对照）SITC学习交流资料，仅供参考。CISA专业信息来自–EarlyRegistrationDeadline13April–FinalRegistrationDeadline9June-Exam15August–EarlyRegistrationDate26September–FinalRegistrationDate8December–ExamSITCCISATrainingScheduleSeptember2007TrainingDatesNovember2007TrainingDates12Sep-16Sep–InclassroomTraining22Oct-24Nov–OnlineTraining1Dec–Pre-ExamStorm7Nov-11Nov–InclassroomTraining19Nov-30Nov–OnlineTraining1Dec–Pre-ExamStormCISA培训联系人：乔梁联系电话：021－62126633－6025EEmail:qiaol@sh.cei.gov.cn考试范围%ofExam考试比重1ISAuditProcess102ITGovernance153SystemsandInfrastructureLifecycleManagement164ITServiceDeliveryandSupport145ProtectionofInformationAssets316BusinessContinuityandDisasterRecovery14SITC学习交流资料，仅供参考。CISA专业信息来自信息系统审计程序ProvideISauditservicesinaccordancewithISauditstandards,guidelines,andbestpracticestoassisttheorganizationinensuringthatitsinformationtechnologyandbusinesssystemsareprotectedandcontrolled.依据信息系统审计标准、准则和最佳实践等提供信息系统审计服务以帮助组织确保其信息技术和运营系统得到保护并受控。1.1Developandimplementarisk-basedISauditstrategyfortheorganizationincompliancewithISauditstandards,guidelinesandbestpractices.1.2PlanspecificauditstoensurethatITandbusinesssystemsareprotectedandcontrolled.1.3ConductauditsinaccordancewithISauditstandards,guidelinesandbestpracticestomeetplannedauditobjectives.1.4Communicateemergingissues,potentialrisks,andauditresultstokeystakeholders.1.5Adviseontheimplementationofriskmanagementandcontrolpracticeswithintheorganizationwhilemaintainingindependence.1.5Adviseontheimplementationofriskmanagementandcontrolpracticeswithintheorganization,whilemaintainingindependence.1.1根据信息系统审计标准、准则和最佳实践，为组织制定和实施基于风险的信息系统审计战略。1.2为确保信息技术和运营系统是受保护和受控的，规划详尽的审计。1.3遵照信息系统审计标准、准则和最佳实践，实施审计，以达到制定的审计目标。1.4就新出现的问题、潜在的风险和审计结果（结论），与利益相关人沟通。1.5在保持独立性的前提下，为组织内部风险管理和控制实务的实施提供建议和意见。KnowledgeStatements知识描述1.1KnowledgeofISACAISAuditingStandards,GuidelinesandProceduresandCodeofProfessionalEthics1.2KnowledgeofISauditingpracticesandtechniques1.3Knowledgeoftechniquestogatherinformationandpreserveevidence(e.g.,observation,inquiry,interview,CAATs,electronicmedia)1.4Knowledgeoftheevidencelifecycle(e.g.,thecollection,protection,chainofcustody)1.5KnowledgeofcontrolobjectivesandcontrolsrelatedtoIS(e.g.,CobiT)1.6Knowledgeofriskassessmentinanauditcontext1.7Knowledgeofauditplanningandmanagementtechniques1.8Knowledgeofreportingandcommunicationtechniques(e.g.,facilitation,negotiation,conflictresolution)1.9Knowledgeofcontrolself-assessment(CSA)1.10Knowledgeofcontinuousaudittechniques1.1ISACA发布的信息系统审计标准、准则、程序和职业道德规范1.2IS审计实务和技术1.3收集信息和保存证据的技术（如观察、调查问卷、谈话、计算机辅助审计技术、电子介质）1.4证据的生命周期（如证据的收集、保护和证据之间的相关性）1.5与信息系统相关的控制目标和控制（如CobiT模型）1.6审计过程中的风险评估1.7审计计划和管理技术1.8报告和沟通技术（如推进、商谈、解决冲突）1.9控制自我评估（CSA）SITC学习交流资料，仅供参考。CISA专业信息来自不间断审计技术（即：连续审计技术）ContentArea2:ITGovernanceIT治理Toprovideassurancethattheorganizationhasthestructure,policies,accountability,mechanisms,andmonitoringpracticesinplacetoachievetherequirementsofcorporategovernanceofIT.确保组织拥有适当的结构、政策、工作职责、运营、管理机制和监督实务，以达到公司治理中对IT方面的要求。2.1EvaluatetheeffectivenessofITgovernancestructuretoensureadequateboardcontroloverthedecisions,directions,andperformanceofITsothatitsupportstheorganization’sstrategiesandobjectives.2.2EvaluateITorganizationalstructureandhumanresources(personnel)managementtoensurethattheysupporttheorganization’sstrategiesandobjectives.2.3EvaluatetheITstrategyandtheprocessforitsdevelopment,approval,implementation,andmaintenancetoensurethatitsupportstheorganization’sstrategiesandobjectives.2.4Evaluatetheorganization’sITpolicies,standards,andprocedures;andtheprocessesfortheirdevelopment,approval,implementation,andmaintenancetoensurethattheysupporttheITstrategyandcomplywithregulatoryandlegalrequirements.2.5Evaluatemanagementpracticestoensurecompliancewiththeorganization’sITstrategy,policies,standards,andprocedures.2.6EvaluateITresourceinvestment,use,andallocationpracticestoensurealignmentwiththeorganization’sstrategiesandobjectives.2.7EvaluateITcontractingstrategiesandpolicies,andcontractmanagementpracticestoensurethattheysupporttheorganization’sstrategiesandobjectives.2.8Evaluateriskmanagementpracticestoensurethattheorganization’sITrelatedrisksareproperlymanaged.2.9EvaluatemonitoringandassurancepracticestoensurethattheboardandexecutivemanagementreceivesufficientandtimelyinformationaboutITperformance.2.1评估IT治理结构的效果，以确保董事会对IT决策、IT方向和IT性能的充分（且适当的）控制，从而支持组织的战略和目标。2.2评估IT组织结构和人力资源管理，确保对组织战略和目标的支持。2.3评估IT战略及其起草、批准、实施和维护的程序，以保证其对组织战略和目标的支持。2.4评估组织的IT政策、标准和程序，及其制定、批准、实施和维护的流程，以确保其对IT战略的支持并符合法律、法规的要求。2.5评估管理实务，确保其符合组织的IT战略、政策、标准和程序的要求。2.6评估IT资源的投资、使用和配置实务，确保符合组织的战略和目标。2.7评估IT签约战略和政策、及合同管理实务，以保证其对组织战略和目标的支持。2.8评估风险管理实务，确保组织的、与IT相关的风险得到了适当的管理。2.9评估监督和保证实务，保证董事会和执行经理层能及时、充分地获得有关IT绩效的信息。KnowledgeStatements知识描述2.1KnowledgeofthepurposeofITstrategies,policies,standardsandproceduresforanorganization