The CISA designation is a globally recognized certification for IS audit control, assurance and information security professionals.

Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates that you are capable of assessing vulnerabilities, reporting on compliance and instituting controls within the enterprise.

During this course you will undergo intensive training in all the CISA domains and acquire the knowledge, skills and best practices to successfully conduct a full external or internal information systems audit.

By the end of the programme you will have acquired sufficient knowledge to successfully complete the ISACA CISA exam, which gives you the status of a Certified Information Systems Auditor.


Information technology, long considered as only an enabler of an organization’s strategy, is now regarded as an integral part of this business strategy. Strategic alignment between Information Technology and enterprise objectives is one of the critical success factors. With the changing landscape concerning security, corporate governance, IT service delivery and systems reliability as well as regulatory requirements, the CISA course becomes vital for information technology line and senior managers.

The course moulds information technology professionals into complete and competent individuals. The course covers the following current five CISA domain areas:

Domain 1: Information System Auditing Process (21 percent)
Domain 2: Governance and Management of IT (17 percent)
Domain 3: Information Systems Acquisition, Development and Implementation (12 percent)
Domain 4: Information Systems Operations and Business Resilience (23 percent)
Domain 5: Protection of Information Assets (27 percent)


The course is delivered using a blended learning model of lectures, discussions, case studies, assessment and practical exercises, with a highly structured, learner-centered teaching methodology that ensures maximum learning. Helpful learning resources and access to the e-learning system will be provided.


The main objective of this course workshop is to provide a comprehensive understanding of Information Systems auditing. This course will equip participants with the knowledge and practical skills necessary to successfully perform a complete IS audit of any size of organization. This programme also adequately prepares the participant to successfully write the CISA certification exam.


The following topics are presented and discussed to increase your understanding and abilities. CISA candidates are expected to have a detailed understanding of each of these areas.

1. The Process of Auditing Information Systems

Provide audit services in accordance with IT audit standards to assist the organization with protecting and controlling information systems.

The auditing process covers IS auditing standards; Risk-based approach; Controls; Audit objectives, planning & scope; COBIT; Field Work; Identifying conditions & defining reportable findings; Review of work; Audit Results Communication.

2. Governance and Management of IT

Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization’s strategy.

IT governance structure, IT organizational structure and HR management; Evaluating IT Strategies; Evaluating IT policies, standards & procedures; IT Resource Investment; Evaluating Risk-management, monitoring and assurance practices.

3. Information Systems Acquisition, Development and Implementation

Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives.

Evaluation approach, Project Management; Functional Requirements, Feasibility Analysis; System Design; System Development; System Acquisition, Implementation, Post-Implementation.

4. Information Systems Operations & Business Resilience

Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives.

Service Level Management; Evaluating Systems Software; Evaluating Hardware Acquisition & Installation; Evaluating network infrastructure (voice & data); Evaluating change, configuration and release management; Capacity and Performance monitoring tools & techniques; Data Administration practices; Problem & Incident management practices.

5. Protection of Information Assets

This module discusses the organization’s security policies, standards, procedures and controls that ensure the confidentiality, integrity and availability of information assets.

a) Evaluate the information security and privacy policies, standards and procedures for completeness, alignment with generally accepted practices and compliance with applicable external requirements.
b) Evaluate the design, implementation, maintenance, monitoring and reporting of physical and environmental controls to determine whether information assets are adequately safeguarded.
c) Evaluate the design, implementation, maintenance, monitoring and reporting of system and logical security controls to verify the confidentiality, integrity and availability of information.
d) Evaluate the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization’s policies, standards, procedures and applicable external requirements.
e) Evaluate the processes and procedures used to store, retrieve, transport and dispose of assets to determine whether information assets are adequately safeguarded.
f) Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.



(A) CISA World-wide Recognition:

CISA is one of the most recognized IS/IT certifications in the world. The American National Standards Institute (ANSI) has accredited the CISA.

CISA is a 2017 SC Magazine Award Winner for Best Professional Certification Program. Foote Partners 2017 IT Skills and Certifications Pay Index™ ranked CISA among the top paying credentials. CISA was ranked among the top five in the 2015 IT Skills and Salary Survey conducted by Global Knowledge.

(B) CISA Exam Preparation

To help optimize your preparation for the CISA certification exam, ISACA offers several study materials which can be acquired directly from ISACA. The following resources are recommended:

(I) CISA Review Manual, 27th Edition eBook: A comprehensive reference guide designed to help individuals prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor.
(II) CISA Review Questions, Answers & Explanations Manual 12th Edition: Consists of 1,000 multiple-choice study questions. These questions are not actual exam items but are intended to provide CISA candidates with an understanding of the type and structure of questions and content that have previously appeared on the exam.

(C) CISA Certification Exam

Questions: 150
Question type: MCSA (BEST answer)
Pass mark: 450 Appointment
Duration: 4 Hours
Location: Computer-based
Results: Immediate
Testing facilities: 6 Days/Week, Morning or Afternoon
Exam Reschedule: Free if done at least 48 hours prior to your scheduled appointment
Deferrals: Once for a fee of USD 200

(D) Exam Registration and Fee Details:

The information below is intended to give you guidance on the CISA exam fee. The total exam fee is calculated as follows:
Exam Registration: USD 575
International membership fee: USD 135
New Member Fee: USD 10
Local ISACA Chapter Dues: USD 40
Total: USD 760
Admin Fee (when paying via AFRALTI): USD 76
Total: USD 836

Note that the non-member fee is also USD 760. You should therefore consider becoming an ISACA member first and then registering for the exam. When paying for the exam via AFRALTI, add the exam registration and administration fee of USD 76.

Please note that ISACA’s Certified Information Systems Auditor® (CISA®) exam needs to be booked directly on the ISACA website. Upon successful completion of the exam you will be awarded Certified Information Systems Auditor® (CISA®) status. More information is available from



Mr. Stephen Gachogu holds a Master of Science degree in Information Systems from the University of Nairobi, a Bachelor of Science degree in Computing and Information Systems from the University of Portsmouth, United Kingdom, and a Diploma in Education, and has over 20 years' experience in the ICT industry.

Mr. Gachogu is a Certified Information Systems Auditor (Certificate Number: 18147184) and Certified Ethical Hacker (CEH), holds other active certifications in Cisco Certified Network Professional (CCNP), Cisco Certified Network Associate (CCNA), CCNA Security and Cisco Quality of Service, and is a Cisco Networking Academy Instructor Trainer.

Mr. Gachogu has undergone extensive ICT training and undertaken a lot of research work on the design, implementation, and security of enterprise information systems. He holds certificates in Network Security, Wireless LANs and Security, WIMAX, VoIP, Backbone Routing and Internet Development Tools awarded by various institutions including USTTI-USA and IIT-Canada. He has attended other ICT courses in Kenya, South Africa, the United Kingdom and the USA.

His area of specialization is the design, implementation, and security of local and wide area enterprise IP networks utilizing multilayer switching and advanced routing technologies. He has expert knowledge of information security assessment, Ethernet technology, Wireless LAN technologies, and the TCP/IP protocol suite. Mr. Gachogu also specializes in the assessment of information systems security.


Business and information systems management, audit, control and security professionals including the following:

  • Information systems professionals aspiring to build a career in information systems auditing
  • Internal and external auditors (both IT and financial)
  • Information security professionals
  • Finance/CPA professionals
  • Risk management professionals
  • Security managers / analysts
  • Software Managers
  • Infrastructure/Network Managers


The course is meant for IS and Business professionals specified in the target group as well as college graduates aspiring to become CISA certified.

2nd Oct – 3rd Nov 2023; 5 Weeks (5pm to 7pm EAT); Online Instructor-led Training
29th Jan – 1st Mar 2024; 5 Weeks (5pm to 7pm EAT); Online Instructor-led Training

How do I register for CISA training at AFRALTI?

Registration for training is currently ongoing. To enrol in this course, please do the following:

1. Pay the full CISA tuition.

2. Email us the completed registration form together with payment confirmation details e.g. Bank payment slip or MPESA payment confirmation.

3. Get registration details for the eLearning course and start previewing the course content.

4. Attend the virtual training on the scheduled date.

Use this form to request a CISA training program. Select CISA as the course title and fill in all the fields for early processing.