t: 0710-207061, +254-020-2655011/2 | e: training@afralti.org


Next Intake: 4 Feb – 20 May 2017
Sessions: Saturday Class (8am-1pm)
Tuition Fee: KSh. 52,000
Exam Fee: USD 710 Payable directly to ISACA


Information systems management, audit, control and security professionals including the following:

  • Aspiring IS auditors
  • IT/IS Professionals
  • Auditors
  • Security managers / analysts
  • Software Managers
  • Infrastructure/Network Managers

The course is meant for IS and Business professionals specified in the target group as well as college graduates aspiring to become CISA certified.


Information technology, long considered as only an enabler of an organization’s strategy, is now regarded as an integral part of this business strategy. Strategic alignment between Information Technology and enterprise objectives is one of the critical success factors. With the changing landscape concerning security, corporate governance, IT service delivery and systems reliability as well as regulatory requirements, the CISA course becomes vital for information technology line and senior managers.

The course moulds information technology professionals into complete and competent individuals.   The course covers the following five new CISA domain areas:

  1. The Process of Auditing Information Systems
  2. Governance and Management of IT
  3. Information Systems Acquisition, Development and Implementation
  4. Information Systems Operations, Maintenance and Support
  5. Protection of Information Assets



The course is delivered using a blended learning model of lectures, discussions, case studies, assessment and practical exercises using a highly-structured, learner-centered teaching methodology that ensures maximum learning. Helpful learning resources will be provided.


The main objective of this course workshop is to provide a comprehensive understanding of Information Systems auditing. This course will equip participants with the knowledge and practical skills necessary to successfully perform an audit process. This programme also adequately prepares the participant to successfully write the CISA certification exam.


The following topics are presented and discussed to increase your understanding and abilities. CISA candidates are expected to have detailed understanding in each of these areas.

1. The Process of Auditing Information Systems

Provide audit services in accordance with IT audit standards to assist the organization with protecting and controlling information systems.

The auditing process covers IS auditing standards; Risk-based approach; Controls; Audit objectives, planning & scope; Cobit; Field Work; Identifying conditions & defining reportable findings; Review of work; Audit Results Communication;

2. Governance and Management of IT

Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization’s strategy.

IT governance structure, IT organizational structure and HR management; Evaluating IT Strategies; Evaluating IT policies, standards & procedures; IT Resource Investment; Evaluating Risk-management, monitoring and assurance practices;

3.  Information Systems Acquisition, Development and Implementation

Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives.

Evaluation approach, Project Management; Functional Requirements, Feasibility Analysis; System Design; System Development; System; Acquisition, Implementation, Post-Implementation;

4. Information Systems Operations, Maintenance and Support

Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives.

Service Level Management; Evaluating Systems Software; Evaluating Hardware Acquisition & Installation; Evaluating network infrastructure (voice & data); Evaluating change, configuration and release management; Capacity and Performance monitoring tools & techniques; Data Administration practices; Problem & Incident management practices.

5. Protection of Information Assets

Provide assurance that the organization’s security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.


For candidates intending to sit for the CISA examinations with ISACA, more information is available from www.isaca.org/cisa.



David Njoga has over 15 years of experience in the ICT space, having grown his profession in Systems Administration, Network Management and Security Management making him a highly accomplished, talented and knowledgeable ICT professional with extensive knowledge of designing new ICT solutions, systems administration, network management, information security assurance and information systems audit to improve business productivity and efficiency.

David has worked in the Kenya Defence Forces in major IT functional roles between 2003 and 2010, and the national carrier,  Kenya Airways Ltd between 2010 and 2012 as Business Continuity Analyst. He has a wide experience in the practice and research in Enterprise Risk Management specializing in IT Value Delivery, IT Performance Measurement, IT Resource Management, Strategic Alignment, Project Management, Process Integration and Business Continuity Management.

He holds a BSc Information Sciences from Moi University, and will soon be a holder of a MSc IT degree specializing in Information Systems Security and Audit & Networking Communications of Strathmore University.

In addition to being a Certified Information Systems Auditor (CISA) and holder of a Certificate of the Business Continuity Institute (CBCI), David is a member of the Information Systems Audit and Control Association (ISACA), the Business Continuity Institute (BCI) and the Institute of Risk Management (IRM).


Mr. Stephen Gachogu holds a Master of Science degree in Information Systems from the University of Nairobi, Bachelor of Science degree in Computing and Information Systems from the University of Portsmouth, United Kingdom and a Diploma in Education and has over 15 years experience in the ICT industry.

Mr. Gachogu has undergone extensive ICT training and undertaken a lot of research work on the design and implementation of enterprise IP networks.  He holds certificates on Network Security, Wireless  LANs and Security, WIMAX, VoIP, Backbone Routing, Internet Development Tools awarded by various institutions including USTTI-USA, IIT-Canada. He has attended other ICT courses in Kenya, South Africa, United Kingdom and the USA.

Mr. Gachogu is a qualified Information Systems Auditor (CISA-ISACA), Certified Ethical Hacker (CEH),  and holds other active certifications in Cisco Certified Network Professional (CCNP), Cisco Certified Network Associate (CCNA), CCNA Security, Cisco Quality of Service Certified and is Cisco Networking Academy Instructor Trainer.

His area of specialization is in the design, implementation and security of local and wide area enterprise IP networks utilizing multilayer switching and advanced routing technologies.  He has expert knowledge of Ethernet technology, Wireless LANs technologies and TCP/IP protocol suite.


Online Registration Form
Download Registration Form