Before you start pursuing the exam, you might want to take a closer look at the CISA Exam Syllabus, and determine how much you need to learn from scratch, and how much you can rely on existing experience.
The first domain covers how IT auditors provide services in accordance with IT audit standards, in order to assist the organization in protecting and controlling information systems.
The tasks include developing and implementing a risk-based IT audit strategy, planning and conducting the audit, and reporting findings.
Candidates are expected to know the ISACA IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics and other applicable standards.
The second domain covers how IT auditors provide assurance that necessary organization structure and processes are in place.
For example, they need to evaluate the effectiveness of the IT governance structure, organizational structure, HR management, and policies and standards, in order to determine whether they support the organization’s strategies and objectives.
The third domain covers how IT auditors provide assurance that the practices for the acquisition, development, testing, and implementation of IS meet the organization’s strategies and objectives.
Tasks include evaluating proposed investments in IS acquisition, development, maintenance and subsequent retirement; evaluating project management practices and controls; and conducting reviews.
The fourth domain covers how IT auditors provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives.
Specifically, it includes conducting periodic reviews of IS and evaluating areas such as service level management practices, operations and end-user procedures, and the process of information systems maintenance.
The last domain covers how IT auditors provide assurance that the organization’s security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.
This includes evaluating the information security policies, standards and procedures; the design, implementation and monitoring of various controls, such as system and logical security controls, data classification processes, and physical access and environmental controls.
Domains 4 and 5 represent more than half of the syllabus. It is important that you know these two areas very well, and at the same time achieve a decent score in the other domains.
For details, check out this page.
I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.