CISA Cert Masterclass - Pass the Exam in 2026 (+20 CPE)

This course is a complete, structured study program for the ISACA Certified Information Systems Auditor (CISA) exam. Built domain by domain against the official CISA exam blueprint, it covers every topic area you need to understand before sitting for the exam — from audit methodology and IT governance through systems development, IT operations, and information security. If you are an IT auditor, internal auditor, compliance analyst, GRC professional, or security manager targeting the CISA certification, this course gives you a study path you can follow from start to finish. Domain 1 — Information Systems Auditing Process (18% of the exam) — covers everything involved in planning and executing an IT audit engagement. Topics include audit planning and scope definition, risk-based audit approaches, evidence collection techniques, sampling methods, audit documentation, reporting findings to management, following up on corrective actions, and building and maintaining a quality assurance program aligned to ISACA standards. You will understand how to apply IS audit standards and guidelines in real engagements and how to document findings in ways that hold up to scrutiny from regulators, external auditors, and audit committees. Domain 2 — Governance and Management of IT (18%) — covers the frameworks and structures organizations use to align IT with business objectives. Topics include IT governance frameworks (COBIT, ITIL, ISO 38500), enterprise architecture models, IT strategy and portfolio management, IT organizational structures, data governance, IT-related laws and regulations (SOX, GDPR, HIPAA, PCI DSS, GLBA, FERPA), third-party management, and IT performance monitoring using KPIs and KRIs. You will understand how auditors evaluate whether IT governance structures are effective and how they assess regulatory compliance programs. Domain 3 — Information Systems Acquisition, Development, and Implementation (12%) — covers the controls auditors evaluate across the full systems development lifecycle. Topics include project management governance (PMI, PRINCE2), SDLC methodologies (waterfall, Agile, DevOps), requirements definition and change control, software development controls, testing types and test management, configuration management, release management, post-implementation review, and acquisition and vendor selection processes. Understanding these controls is essential for auditors who review ERP implementations, cloud migrations, custom software projects, and enterprise system upgrades. Domain 4 — Information Systems Operations and Business Resilience (26%) — is one of the two largest domains on the exam. Topics include IT infrastructure components and management, IT asset management (hardware and software), IT service management (ITIL), change and patch management, incident and problem management, database administration controls, network infrastructure and monitoring, cloud operations, business continuity planning (BCP), disaster recovery planning (DRP), backup and recovery strategies, RTO and RPO targets, and business impact analysis (BIA). Auditors who can evaluate resilience programs against frameworks like NIST SP 800-34 and ISO 22301 are in high demand across industries subject to regulatory scrutiny. Domain 5 — Protection of Information Assets (26%) — covers the security controls that auditors evaluate to determine whether sensitive data and systems are adequately protected. Topics include information security governance and policy, data classification frameworks, identity and access management (IAM), privileged access management, multi-factor authentication, network security controls (firewalls, IDS/IPS, VPN, WAF, network segmentation), encryption standards and key management, public key infrastructure (PKI), endpoint protection, vulnerability management programs, penetration testing oversight, security incident response, security awareness and training programs, and privacy program controls. This domain maps closely to ISO 27001/27002, NIST CSF, and NIST SP 800-53 — frameworks that appear frequently in CISA exam scenarios. This course is built differently from reading the CISA Review Manual cover to cover. Each lesson is a narrated video that explains how concepts connect to each other and to real audit work — not just what the definition is, but how an auditor applies it. Every domain includes practice questions designed to mirror the style and difficulty of CISA exam scenarios, covering not just recall but application and analysis. The course closes with two full-length practice exams with detailed answer explanations, so you can measure your readiness and focus your remaining study time where it matters most. Major topics covered: IT audit standards, ISACA code of ethics, audit charter, control objectives, audit risk, materiality, sampling, evidence, audit reporting, COBIT 2019, IT governance frameworks, enterprise architecture, IT strategy, data governance, SOX compliance, GDPR, HIPAA, PCI DSS, SDLC controls, Agile audit, project management controls, change management, patch management, ITIL service management, BCP/DR, RTO/RPO, BIA, cloud security, access control models, encryption, IAM, MFA, network security, vulnerability management, ISO 27001, NIST CSF, NIST SP 800-53, incident response, GRC, compliance audit, information systems audit, CISA exam prep 2026.