Certified: The ISACA CISA Audio Course
Episodes
Welcome to the ISACA CISA Certification
14 Oct 2025
Contributed by Lukas
Dive into a fast, no-fluff overview of what this podcast delivers, who it’s for, and how each episode helps you level up with practical, real-world ...
Episode 105: Evaluating Risks of Emerging Technologies and Practices
06 Jul 2025
Contributed by Lukas
Staying ahead of risk means understanding new technologies and trends. This episode focuses on how to evaluate emerging threats related to artificial ...
Episode 104: Providing Guidance on Information Systems Quality Improvement
06 Jul 2025
Contributed by Lukas
Auditors are expected to identify improvement opportunities and support quality initiatives. In this episode, you will learn how to evaluate continuou...
Episode 103: Evaluating Threat and Vulnerability Management
06 Jul 2025
Contributed by Lukas
Organizations must proactively manage threats and vulnerabilities to remain secure. This episode covers how to audit threat intelligence collection, v...
Episode 102: Evaluating Shadow IT Risks and Controls
06 Jul 2025
Contributed by Lukas
Shadow IT introduces risk outside of sanctioned governance. This episode teaches you how to audit unsanctioned applications, unauthorized system use, ...
Episode 101: Evaluating Policies Related to IT Asset Lifecycle Management
06 Jul 2025
Contributed by Lukas
IT assets require controls from acquisition through disposal. In this episode, you will learn how to evaluate lifecycle policies, including procuremen...
Episode 100: Evaluating Privacy and Data Classification Programs
06 Jul 2025
Contributed by Lukas
Privacy and data classification are integral to protecting information assets. This episode explains how to audit privacy frameworks, policy enforceme...
Episode 99: Evaluating Data Governance Program
06 Jul 2025
Contributed by Lukas
Data governance defines how information is managed, secured, and used. This episode covers how to evaluate data ownership, stewardship, classification...
Episode 98: Evaluating IT Operations and Maintenance Practices
06 Jul 2025
Contributed by Lukas
Operations and maintenance are critical to IT service delivery and risk control. In this episode, you will learn how to audit operational support, pre...
Episode 97: Evaluating Enterprise Architecture Alignment
06 Jul 2025
Contributed by Lukas
Enterprise architecture must align with organizational strategy to ensure long-term IT value. This episode teaches you how to assess architectural doc...
Episode 96: Evaluating End-User Support Processes
06 Jul 2025
Contributed by Lukas
Supporting end users requires processes that are responsive, secure, and well-documented. This episode focuses on how to audit help desk operations, t...
Episode 95: Evaluating Supply Chain Risk and Integrity Issues
06 Jul 2025
Contributed by Lukas
Modern IT environments rely on complex supply chains that must be evaluated for risk. This episode explores how to assess supplier integrity, dependen...
Episode 94: Evaluating IT Vendor Selection and Contract Management
06 Jul 2025
Contributed by Lukas
Auditors play an essential role in verifying that vendor selection and contract oversight meet organizational, legal, and regulatory expectations. In ...
Episode 93: Evaluating IT Key Performance and Risk Indicators
06 Jul 2025
Contributed by Lukas
Key performance and risk indicators provide insight into IT effectiveness and exposure. This episode teaches you how to evaluate how KPIs and KRIs are...
Episode 92: Evaluating Ownership of IT Risks, Controls, and Standards
06 Jul 2025
Contributed by Lukas
Effective risk management requires clearly assigned ownership. In this episode, you will learn how to evaluate whether an organization has defined res...
Episode 91: Evaluating IT Resource and Project Management Alignment
06 Jul 2025
Contributed by Lukas
To succeed on the CISA exam, you must be able to assess whether IT resources and project management practices support enterprise objectives. This epis...
Episode 90: Evaluating IT Governance Effectiveness
06 Jul 2025
Contributed by Lukas
Strong governance ensures that IT delivers value and manages risk. This episode explains how to evaluate governance frameworks, board oversight, decis...
Episode 89: Evaluating IT Strategy Alignment
06 Jul 2025
Contributed by Lukas
IT strategy must support business goals and risk tolerance. In this episode, you will learn how to assess whether IT initiatives are aligned with ente...
Episode 88: Quality Assurance and Improvement of Audit Processes
06 Jul 2025
Contributed by Lukas
Audit functions must be continuously evaluated and improved. This episode covers quality assurance techniques including internal assessments, external...
Episode 87: Evaluating Automation and Decision-Making Systems
06 Jul 2025
Contributed by Lukas
Automated systems introduce unique risks and controls. This episode teaches you how to audit robotic process automation, decision engines, AI tools, a...
Episode 86: Utilizing Data Analytics in Auditing
06 Jul 2025
Contributed by Lukas
Data analytics is transforming how audits are conducted. In this episode, you will explore how to apply analytic tools for risk assessment, control te...
Episode 85: Conducting Post-Audit Follow-Up
06 Jul 2025
Contributed by Lukas
The audit is not complete until findings have been addressed. This episode focuses on follow-up activities, including how to verify remediation, reass...
Episode 84: Communicating Audit Results and Recommendations
06 Jul 2025
Contributed by Lukas
Effective communication is a key skill for audit professionals. This episode covers how to present findings clearly, structure audit reports, and deve...
Episode 83: Applying Project Management in IS Audits
06 Jul 2025
Contributed by Lukas
Auditors often lead projects that require formal planning and control. This episode explains how to apply project management principles within the aud...
Episode 82: Conducting Audits According to IS Audit Standards
06 Jul 2025
Contributed by Lukas
This episode focuses on ISACA's audit standards and how to apply them during each phase of the audit process. You will learn how to ensure consistency...
Episode 81: Planning Effective Information Systems Audits
06 Jul 2025
Contributed by Lukas
Audit planning is the foundation of a successful engagement. In this episode, you will learn how to define audit scope, assess risk, allocate resource...
Episode 80: Evidence Collection and Digital Forensics
06 Jul 2025
Contributed by Lukas
Auditors may need to evaluate how evidence is preserved and used in investigations. This episode introduces forensic readiness, chain of custody, data...
Episode 79: Security Incident Response Management
06 Jul 2025
Contributed by Lukas
Incident response is a structured process that minimizes damage and recovers operations. This episode covers detection, escalation, containment, recov...
Episode 78: Security Monitoring Tools and Techniques
06 Jul 2025
Contributed by Lukas
Ongoing monitoring is vital for detecting and responding to threats. In this episode, you will explore how to evaluate log management, SIEM systems, n...
Episode 77: Security Testing Tools and Techniques
06 Jul 2025
Contributed by Lukas
Security testing reveals weaknesses before attackers can exploit them. This episode explains how to audit vulnerability scanning, penetration testing,...
Episode 76: Information System Attack Methods and Techniques
06 Jul 2025
Contributed by Lukas
To audit effectively, you must understand how systems are attacked. This episode introduces common techniques such as phishing, malware, denial of ser...
Episode 75: Security Awareness Training and Programs
06 Jul 2025
Contributed by Lukas
Human error is a top cause of security breaches. This episode covers how to evaluate security awareness training programs, including content quality, ...
Episode 74: Mobile, Wireless, and IoT Device Security
06 Jul 2025
Contributed by Lukas
Endpoint diversity brings complexity to audits. In this episode, you will learn how to evaluate controls for mobile devices, wireless networks, and In...
Episode 73: Cloud and Virtualized Environments
06 Jul 2025
Contributed by Lukas
Cloud and virtual systems require unique controls and audit approaches. This episode focuses on how to evaluate cloud security, shared responsibility ...
Episode 72: Public Key Infrastructure (PKI)
06 Jul 2025
Contributed by Lukas
Public Key Infrastructure supports digital trust by enabling secure authentication and communication. In this episode, you will learn how to audit PKI...
Episode 71: Data Encryption Methods and Controls
06 Jul 2025
Contributed by Lukas
Encryption is one of the most powerful tools for protecting sensitive data. This episode explains how to audit encryption in transit and at rest, eval...
Episode 70: Data Loss Prevention
06 Jul 2025
Contributed by Lukas
Data loss prevention (DLP) tools and policies help prevent unauthorized exposure of sensitive information. In this episode, you will learn how to eval...
Episode 69: Network and Endpoint Security
06 Jul 2025
Contributed by Lukas
Network and endpoint security controls are essential for protecting IT infrastructure. This episode explains how to audit firewalls, intrusion detecti...
Episode 68: Identity and Access Management (IAM)
06 Jul 2025
Contributed by Lukas
Access control is a critical concept tested throughout the CISA exam. In this episode, you will learn how to audit identity provisioning, authenticati...
Episode 67: Physical and Environmental Controls
06 Jul 2025
Contributed by Lukas
Physical security is a foundational element of protecting information systems. This episode covers perimeter defenses, badge access, fire suppression,...
Episode 66: Information Asset Security Frameworks, Standards, and Guidelines
06 Jul 2025
Contributed by Lukas
Security frameworks provide the structure for implementing effective controls. In this episode, you will learn how to evaluate ISO 27001, NIST, COBIT,...
Episode 65: Overview of Domain 5 – Protection of Information Assets
06 Jul 2025
Contributed by Lukas
Domain 5 is all about securing information against unauthorized access, alteration, or loss. This episode provides a strategic overview of confidentia...
Episode 64: Disaster Recovery Planning Fundamentals
06 Jul 2025
Contributed by Lukas
Disaster recovery focuses on restoring IT systems after an outage or catastrophic event. In this episode, you will learn how to audit DR plans, assess...
Episode 63: Developing and Maintaining a Business Continuity Plan
06 Jul 2025
Contributed by Lukas
Business continuity planning ensures the organization can operate during and after disruptions. This episode explains how auditors evaluate continuity...
Episode 62: Data Backup, Storage, and Restoration Practices
06 Jul 2025
Contributed by Lukas
Backup and restoration processes are critical for protecting data integrity and ensuring continuity. In this episode, you will learn how to evaluate b...
Episode 61: System and Operational Resilience
06 Jul 2025
Contributed by Lukas
Operational resilience is about sustaining essential services under stress. This episode explains how auditors evaluate systems for fault tolerance, h...
Episode 60: Conducting a Business Impact Analysis (BIA)
06 Jul 2025
Contributed by Lukas
The business impact analysis is a foundational activity in resilience planning. In this episode, you will learn how to audit BIA processes, assess doc...
Episode 59: Overview of Business Resilience
06 Jul 2025
Contributed by Lukas
Business resilience ensures that critical operations can continue through disruption. This episode introduces the core concepts of business continuity...
Episode 58: Database Management Practices
06 Jul 2025
Contributed by Lukas
Databases are central to most IT operations, and auditors must ensure they are managed securely and efficiently. This episode covers access controls, ...
Episode 57: IT Service Level Management
06 Jul 2025
Contributed by Lukas
Service level agreements define performance expectations between IT and the business. In this episode, you will learn how to audit SLA creation, monit...
Episode 56: Operational Log Management
06 Jul 2025
Contributed by Lukas
Logs provide critical evidence for detecting incidents and monitoring system health. This episode explains how to audit log collection, retention, ana...
Episode 55: Configuration and Patch Management Processes
06 Jul 2025
Contributed by Lukas
Configuration and patch controls are essential for system stability and security. In this episode, you will learn how to audit configuration baselines...
Episode 54: Change Management Processes
06 Jul 2025
Contributed by Lukas
Effective change management minimizes disruption and maintains control over the IT environment. This episode walks you through change request procedur...
Episode 53: Problem Management and Root Cause Analysis
06 Jul 2025
Contributed by Lukas
Problem management focuses on eliminating the underlying causes of incidents. In this episode, you will learn how to audit problem detection, investig...
Episode 52: Incident Management Best Practices
06 Jul 2025
Contributed by Lukas
When things go wrong, incident management ensures that services are restored quickly and effectively. This episode explains how to audit detection pro...
Episode 51: Systems Availability and Capacity Management
06 Jul 2025
Contributed by Lukas
Auditors must verify that IT systems are designed and managed to meet performance demands. This episode explores how to evaluate availability strategi...
Episode 50: Shadow IT and End-User Computing
06 Jul 2025
Contributed by Lukas
Shadow IT introduces risk outside the view of central IT. In this episode, you will learn how to identify and audit unauthorized tools, spreadsheets, ...
Episode 49: System Interfaces
06 Jul 2025
Contributed by Lukas
When systems talk to each other, auditors must ensure that the communication is controlled and secure. This episode explores interface types (manual a...
Episode 48: Job Scheduling and Production Process Automation
06 Jul 2025
Contributed by Lukas
This episode covers how auditors evaluate job scheduling systems, batch processing, and automated task workflows. You’ll learn how to assess control...
Episode 47: IT Asset Management
06 Jul 2025
Contributed by Lukas
IT asset management is more than keeping an inventory—it’s about control, accountability, and lifecycle oversight. In this episode, you’ll learn...
Episode 46: IT Components
06 Jul 2025
Contributed by Lukas
Understanding the elements that make up the IT environment is essential for audit readiness. This episode breaks down how to evaluate the hardware, so...
Episode 45: Overview of Domain 4 – Information Systems Operations & Business Resilience
06 Jul 2025
Contributed by Lukas
Domain 4 shifts focus to the reliability and sustainability of IT operations. In this episode, you’ll gain an overview of operational controls, avai...
Episode 44: Post-Implementation Review
06 Jul 2025
Contributed by Lukas
Once a system is deployed, the work isn’t over—auditors still need to assess whether objectives were achieved. This episode teaches you how to con...
Episode 43: System Migration, Infrastructure Deployment, and Data Conversion
06 Jul 2025
Contributed by Lukas
CISA candidates must understand the risks and controls involved in moving systems and data. This episode explains how to audit system migrations, infr...
Episode 42: Implementation Configuration and Release Management
06 Jul 2025
Contributed by Lukas
Poor configuration control can lead to outages, vulnerabilities, and audit findings. In this episode, we cover how to evaluate release planning, versi...
Episode 41: System Readiness and Implementation Testing
06 Jul 2025
Contributed by Lukas
Before a new system goes live, auditors must confirm that it’s ready for production. This episode explains how to evaluate readiness through testing...
Episode 40: Control Identification and Design
06 Jul 2025
Contributed by Lukas
Strong control design starts early in the system lifecycle. In this episode, you'll learn how auditors assess whether appropriate controls have been i...
Episode 39: Agile, DevOps, and Modern SDLC Approaches
06 Jul 2025
Contributed by Lukas
Agile and DevOps are increasingly popular in IT development, and the CISA exam expects you to understand how to audit these environments. This episode...
Episode 38: Waterfall and Traditional SDLC
06 Jul 2025
Contributed by Lukas
Understanding the traditional software development lifecycle is essential for CISA candidates. This episode explains each phase of the waterfall model...
Episode 37: Business Case and Feasibility Analysis
06 Jul 2025
Contributed by Lukas
Before a project begins, auditors must evaluate whether it’s justified. This episode focuses on auditing business case development, feasibility asse...
Episode 36: Project Governance and Management
06 Jul 2025
Contributed by Lukas
Project governance ensures IT initiatives deliver value and align with business goals. This episode covers how auditors evaluate project oversight, mi...
Episode 35: Overview of Domain 3 – Information Systems Acquisition, Development & Implementation
06 Jul 2025
Contributed by Lukas
Domain 3 focuses on the controls and governance involved in acquiring and implementing IT solutions. This episode provides a strategic overview of pro...
Episode 34: Quality Assurance and Quality Management of IT
06 Jul 2025
Contributed by Lukas
The CISA exam expects candidates to understand how IT quality is planned, implemented, and improved over time. This episode covers quality assurance p...
Episode 33: IT Performance Monitoring and Reporting
06 Jul 2025
Contributed by Lukas
Audit success depends on knowing how to evaluate IT performance. This episode explains how key performance indicators (KPIs) and reports are used to m...
Episode 32: IT Vendor Management
06 Jul 2025
Contributed by Lukas
Managing third-party risk is a key topic on the CISA exam, and this episode dives into how to audit vendor selection, onboarding, performance evaluati...
Episode 31: IT Resource Management
06 Jul 2025
Contributed by Lukas
Resource management is foundational to IT governance, and the CISA exam tests your ability to evaluate how organizations allocate, monitor, and optimi...
Episode 30: Practical Data Classification Techniques and Compliance
06 Jul 2025
Contributed by Lukas
Data classification is a key input to effective security and compliance auditing. In this episode, you’ll learn how to evaluate classification polic...
Episode 29: Data Governance Program Fundamentals
06 Jul 2025
Contributed by Lukas
Governance doesn’t stop at systems—it includes data. This episode explores how data is owned, classified, and controlled across the enterprise. Yo...
Episode 28: Privacy Program and Principles
06 Jul 2025
Contributed by Lukas
Data privacy is no longer optional—it’s a regulatory and reputational imperative. This episode covers privacy frameworks, laws, and controls audit...
Episode 27: ERM Implementation and Evaluation Examples
06 Jul 2025
Contributed by Lukas
Building on the last episode, we now focus on how ERM is implemented and assessed. Through audit-relevant examples, you’ll learn how to evaluate ris...
Episode 26: ERM Frameworks and Principles
06 Jul 2025
Contributed by Lukas
Enterprise Risk Management (ERM) is a key pillar of IT governance. This episode explains risk frameworks like COSO ERM and ISO 31000 and shows how aud...
Episode 25: Enterprise Architecture and Considerations
06 Jul 2025
Contributed by Lukas
Enterprise Architecture (EA) connects IT design to business strategy, and the CISA exam wants you to evaluate how well it supports organizational goal...
Episode 24: IT Policies, Standards, Procedures, and Practices
06 Jul 2025
Contributed by Lukas
Policies and standards form the backbone of IT governance, and this episode helps you understand how auditors evaluate their design, communication, an...
Episode 23: Organizational Structure, IT Governance, and IT Strategy
06 Jul 2025
Contributed by Lukas
A solid grasp of organizational structure is key to evaluating IT governance. This episode walks you through reporting lines, governance committees, r...
Episode 22: Laws, Regulations, and Industry Standards
06 Jul 2025
Contributed by Lukas
The CISA exam expects you to recognize and apply legal, regulatory, and industry-specific requirements to audit scenarios. This episode explores major...
Episode 21: Overview of Domain 2 – Management of IT
06 Jul 2025
Contributed by Lukas
Domain 2 doesn’t stop at governance—it also expects you to understand IT management practices. This episode introduces the key responsibilities of...
Episode 20: Overview of Domain 2 – Governance of IT
06 Jul 2025
Contributed by Lukas
Domain 2 shifts your focus from audit execution to how IT supports business objectives. This episode provides a strategic overview of IT governance pr...
Episode 19: Quality Assurance and Improvement of Audit Processes
06 Jul 2025
Contributed by Lukas
ISACA expects CISA-certified professionals to uphold audit quality through structured QA practices. In this episode, we explore internal reviews, peer...
Episode 18: Audit Reporting and Communication Techniques
06 Jul 2025
Contributed by Lukas
Communicating audit results effectively is critical for both real-world auditors and CISA exam success. This episode teaches you how to write clear fi...
Episode 17: Practical Applications and Case Studies of Audit Data Analytics
06 Jul 2025
Contributed by Lukas
To truly master data analytics, you need to see it in action. This episode presents real-world examples and case studies showing how data analytics is...
Episode 16: Introduction to Audit Data Analytics Tools and Techniques
06 Jul 2025
Contributed by Lukas
Modern audits demand more than checklists—they require smart use of data. This episode introduces audit data analytics, explains the types of analyt...
Episode 15: Audit Evidence Collection Techniques
06 Jul 2025
Contributed by Lukas
Effective audits rely on strong, defensible evidence. In this episode, we explore how to gather evidence using inquiry, observation, inspection, and r...
Episode 14: Audit Testing and Sampling Methodology
06 Jul 2025
Contributed by Lukas
Sampling is a heavily tested concept, and many CISA candidates struggle to distinguish between statistical and judgmental sampling. This episode demys...
Episode 13: Audit Project Management
06 Jul 2025
Contributed by Lukas
CISA candidates must not only understand audits—they must also understand how to manage them. This episode outlines the core principles of audit pro...
Episode 12: Types of Controls and Audit Considerations
06 Jul 2025
Contributed by Lukas
The CISA exam tests your ability to evaluate and differentiate between control types—preventive, detective, corrective, and compensating. This episo...
Episode 11: Advanced Risk Assessment Methods and Practical Examples
06 Jul 2025
Contributed by Lukas
Understanding risk is a cornerstone of the CISA exam, and this episode takes you beyond the basics. You’ll explore advanced techniques such as scena...
Episode 10: Fundamentals of Risk-Based Audit Planning
06 Jul 2025
Contributed by Lukas
Risk-based planning is at the core of IT auditing and a major theme on the CISA exam. This episode covers how to prioritize audits, identify risks, an...
Episode 9: Types of Audits, Assessments, and Reviews
06 Jul 2025
Contributed by Lukas
Not all audits are the same. This episode teaches you how to distinguish between audit types—compliance, financial, operational, and more—so you c...
Episode 8: IS Audit Standards, Guidelines, and Codes of Ethics
06 Jul 2025
Contributed by Lukas
Know the rules before you’re tested on them. This episode covers the ISACA audit standards and ethics you’ll need to master for Domain 1. You’ll...
Episode 7: Overview of Domain 1 – Information Systems Auditing Process
06 Jul 2025
Contributed by Lukas
Domain 1 is the foundation of the CISA exam. In this episode, we break down what IS auditing means, how it fits into the bigger picture of IT governan...