•    Confirms your knowledge and experience.
•    Quantifies and markets your expertise.
•    Demonstrates that you have gained and maintained the level of knowledge required to meet the dynamic challenges of a modern enterprise.
•    Is globally recognized as the mark of excellence for the IS audit professional.
•    Combines the achievement of passing a comprehensive exam with recognition of work and educational experience, providing you with credibility in the marketplace.
•    Increases your value to your organization.
•    Gives you a competitive advantage over peers when seeking job growth.
•    Helps you achieve a high professional standard through ISACA's requirements for continuing education and ethical conduct.

Domain 1: Information Systems Auditing Process (21%)
A. Planning
•    IS Audit Standards, Guidelines, and Codes of Ethics
•    Business Processes
•    Types of Controls
•    Risk-Based Audit Planning
•    Types of Audits and Assessments
B. Execution
•    Audit Project Management
•    Sampling Methodology
•    Audit Evidence Collection Techniques
•    Data Analytics
•    Reporting and Communication Techniques
•    Quality Assurance and Improvement of the Audit Process

Domain 2: Governance and Management of IT (17%)
A. IT Governance
•    IT Governance and IT Strategy
•    IT-Related Frameworks
•    IT Standards, Policies, and Procedures
•    Organizational Structure
•    Enterprise Architecture
•    Enterprise Risk Management
•    Maturity Models
•    Laws, Regulations, and Industry Standards affecting the Organization
B. IT Management
•    IT Resource Management
•    IT Service Provider Acquisition and Management
•    IT Performance Monitoring and Reporting
•    Quality Assurance and Quality Management of IT

Domain 3: Information Systems Acquisition, Development, and Implementation (12%)
A. Information Systems Acquisition and Development
•    Project Governance and Management
•    Business Case and Feasibility Analysis
•    System Development Methodologies
•    Control Identification and Design
B. Information Systems Implementation
•    Testing Methodologies
•    Configuration and Release Management
•    System Migration, Infrastructure Deployment and Data Conversion
•    Post-implementation Review

Domain 4: Information Systems Operations and Business Resilience (23%)
A. Information Systems Operations
•    Common Technology Components
•    IT Asset Management
•    Job Scheduling and Production Process Automation
•    System Interfaces
•    End-User Computing
•    Data Governance
•    Systems Performance Management
•    Problem and Incident Management
•    Change, Configuration, Release, and Patch Management
•    IT Service Level Management
•    Database Management
B. Business Resilience
•    Business Impact Analysis (BIA)
•    System Resiliency
•    Data Backup, Storage, and Restoration
•    Business Continuity Plan (BCP)
•    Disaster Recovery Plans (DRP)

Domain 5: Protection of Information Assets (27%)
A. Information Asset Security and Control
•    Information Asset Security Frameworks, Standards, and Guidelines
•    Privacy Principles
•    Physical Access and Environmental Controls
•    Identity and Access Management
•    Network and End-Point Security
•    Data Classification
•    Data Encryption and Encryption-Related Techniques
•    Public Key Infrastructure (PKI)
•    Web-Based Communication Techniques
•    Virtualized Environments
•    Mobile, Wireless, and Internet-of-Things (IoT) Devices
B. Security Event Management
•    Security Awareness Training and Programs
•    Information System Attack Methods and Techniques
•    Security Testing Tools and Techniques
•    Security Monitoring Tools and Techniques
•    Incident Response Management
•    Evidence Collection and Forensics

•    Executives and professionals in IT.
•    Experts in information and operational risk management.
•    Specialists in IT infrastructure security.
•    Internal control professionals.
•    IT auditors