SIP Study Group - ISACA CISA: Domain 1 - Information Systems Auditing Process - 21st May 2025
Meeting summary for SIP Study Group - 21st May 2025
Quick recap
The session focused on the Certified Information Systems Auditor (CISA) exam, specifically Domain 1 which covers the information system auditing process and comprises 18% of the exam. The presenter shared his experience as an IT auditor and outlined the key responsibilities and career progression path for auditors, emphasizing the importance of continuous learning and key skills like technical expertise and communication abilities. The presentation covered comprehensive audit processes, including sampling methods, different types of audits, and communication strategies, while also discussing exam preparation techniques and the importance of staying updated on emerging trends in the field.
Next steps
- Winton to conduct the next session on Domain 2 of the CISA exam next week.
- Attendees to connect with Winton on LinkedIn for further discussions and networking.
- Attendees interested in personalized guidance to book a free 15-minute discovery call through the Safer Internet Project website.
- Attendees to focus on practicing questions from the ISACA Questions, Answers, and Explanations database, particularly on their weak areas.
- Attendees to adopt the ISACA global perspective while studying for the CISA exam.
Summary
CISA Exam Domain 1 Overview
Winton introduced the session on the Certified Information Systems Auditor (CISA) exam, focusing on Domain 1, which covers the information system auditing process. He explained that this domain comprises 18% of the exam and shared his personal experience as an IT auditor, emphasizing the importance of the role. Winton outlined the structure of the presentation, which includes ten sections, and encouraged participants to connect with him on LinkedIn or book a free discovery call for further assistance. He also invited attendees to share their goals and expectations for the session.
IT Auditor Career Path Overview
Winton presented on the role of IT auditors, explaining their core responsibilities which include assessing risk, evaluating controls, and ensuring compliance with regulatory requirements. He detailed the career progression path from junior roles to director level positions, highlighting that success depends on continuous learning and skill development. Winton emphasized the importance of key skills such as technical expertise, regulatory framework knowledge, risk quantification, and strong communication abilities, while noting that the CISA certification can increase salary by 15-25% compared to non-certified peers.
Audit Process Overview and Best Practices
Winton led a comprehensive overview of audit processes, covering the learning objectives for Domain 1, which include planning audits, conducting risk-based strategies, applying project management methodologies, and communicating findings to stakeholders. He explained the phases of an audit, emphasizing the importance of testing controls to ensure their effectiveness and independence. Winton also discussed different types of audits, risk-based audit planning, and the various types of controls, including managerial, technical, IA-specific, and physical controls. He highlighted the need for auditors to remain independent and upskill to adapt to rapidly changing technologies.
Audit Sampling and Testing Concepts
Winton explained the concept of audit sampling, emphasizing its use in gathering evidence about a population by testing a representative sample, and discussed the importance of sampling methodology depending on risk levels. He described the three phases of an audit: fieldwork, reporting, and follow-up, and explained the difference between compliance testing, which evaluates control effectiveness, and substantive testing, which focuses on transaction accuracy. Winton also covered various audit techniques, including observations, interviews, documentation review, and data analytics, highlighting the importance of efficient resource management and proper documentation in audit processes.
Enhancing Audit Communication Strategies
Winton emphasized the importance of effective communication in auditing to save time and resolve issues efficiently with stakeholders and clients. He highlighted the potential for fraud and the need for formal, clear communication, especially when delivering bad news about high-risk items. Winton also stressed the importance of continuous improvement in audit processes to adapt to changing landscapes, urging auditors to upskill, stay updated on emerging trends, and work collaboratively as a team.
Exam Preparation and Success Strategies
Winton discussed exam preparation strategies, emphasizing the importance of understanding ISACA's perspective and focusing on objective question analysis rather than personal experience. He shared insights from his own experience with CISSP and penetration testing exams, highlighting the value of practice questions and targeting weak areas for improvement. Winton also mentioned a personal success story of helping a LinkedIn connection secure a new role through his guidance. He concluded by promising to make next week's session more engaging as the course progresses and encouraged participants to connect with him on LinkedIn.