CITP Exam Information and Guideline
Certified Information Technology Professional (CITP)
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
The content of the Certified Information Technology Professional (CITP) Examination was developed to test a candidates understanding of the fundamental sections of the CITP body of knowledge. The content of each of the topical sections is described in outline form and provides an overview of the knowledge and skills tested on the CITP Examination.
The examination questions are intended to test each content area and its logical extensions.
The percentage following each major content area in the outline represents the approximate weighting for that content area. The examination is fully computerized and consists of multiple-choice questions only
Module I: Information Security & Cyber Risks
A. Information Security Governance (25%)
1. Information security strategy
2. Policy, procedures, processes, and standards
3. Logical access controls
4. Hardware and physical access controls
5. Security authorization & authentication
6. Business continuity & disaster recovery
B. Cybersecurity Risk Management (12%)
1. Cybersecurity threats
2. Data breaches and privacy
3. Vulnerability management
C. SOC for Cybersecurity (3%)
1. Purpose
2. Content
3. Target audiences
4. How to use in conjunction with cybersecurity risk mitigation
Module II: Business Intelligence, Data Management and Analytics
A. Data Management (5%)
1. Information lifecycle management
2. Infrastructures and platforms
3. Data preparation/manipulation
4. Data governance
B. Data Analysis & Reporting (11%)
1. Data analytics
2. Predictive analytics
3. Audit data analytics
C. Business Intelligence Management (4%)
1. Digital transformation & technology disruptors
2. Data integration
3. Data warehousing
Module III: IT Governance, Risks & Controls
A. IT Governance & Strategy (15%)
1. Role of IT governance within an organization
2. IT governance principles
3. IT governance roles & responsibilities
4. IT governance implementation
5. Benefits of effective IT governance
B. IT Risks, Process & Controls (15%)
1. IT risk identification and assessment
2. IT control frameworks
3. IT general controls
4. Application controls
5. Business process management
6. Change management
7. Assessment of IT controls
C. System and Organization Controls Reporting (10%)
1. System and Organization Controls Reporting Overview
2. Types of Reporting
Detailed content specification outline
Module 1. Information Security & Cyber Risks
This module focuses on the security and risk management of systems and environments, including the use of the SOC for Cybersecurity report as a tool for reporting IT security and risk management for companies.
Information Security Governance — Covers the key areas of information security, including strategy, policies/procedures, control environments, and business continuity/disaster recovery; includes fundamental knowledge of various IT governance frameworks, logical access at the various levels of the “stack,” and the internal control structure of design, implementation, monitoring, and detection/reporting
Cybersecurity Risk Management — Covers the major threat vectors for systems, including cyber adversaries, the cybercrime economy
and various types of attacks; also includes data breaches and their impact on information privacy, as well as how to manage system vulnerabilities
SOC for Cybersecurity — Covers the SOC for Cyber report, including report content, target users and use of the report in conjunction with an entitys overall cybersecurity risk mitigation strategy
A. Information Security Governance (25%)
1. Information security strategy
a. Objectives
b. Components
c. Alignment with organizational strategy, IT strategy
Information Security Governance
CPE self-study
Authors: Gwen Bettwy, Mark Williams,
Mike Beavers
Publisher: AICPA
Module 1 — Information Security Governance
2. Policy, procedures, processes, and standards
a. Frameworks
b. Compliance with applicable laws and regulations
c. Roles and responsibilities
Information Security Governance
CPE self-study
Authors: Gwen Bettwy, Mark Williams,
Mike Beavers
Publisher: AICPA
Module 1 — Information Security Governance
3. Logical access controls
a. Objectives
b. Data (transactional. level
c. Application and financial system level
d. Network level
e. Identifying, designing, implementing, monitoring, detecting and reporting
Information Security Governance
CPE self-study
Authors: Gwen Bettwy, Mark Williams,
Mike Beavers
Publisher: AICPA
Module 3 — Logical access controls
4. Hardware and physical access controls
a. Objectives
b. Identifying, designing, implementing, monitoring, detecting and reporting
Information Security Governance
CPE self-study
Authors: Gwen Bettwy, Mark Williams,
Mike Beavers
Publisher: AICPA
Module 4 — Physical access controls
5. Security authorization and authentication Information Security Governance
CPE self-study
Authors: Gwen Bettwy, Mark Williams,
Mike Beavers
Publisher: AICPA
Module 2 — Identity and access management
6. Business continuity and disaster recovery
a. Business continuity plan (BCP)
b. Disaster recovery plan (DRP)
c. Incident response plan (IRP)
d. Data backup and recovery
Information Security Governance
CPE self-study
Authors: Gwen Bettwy, Mark Williams,
Mike Beavers
Publisher: AICPA
Module 6 — Business continuity management
B. Cybersecurity Risk Management (12%)
1. Cybersecurity threats
a. Primary types of cyber adversaries (how to identify, what is their motivation.
1. How to identify
2. What is their motivation
3. How to manage/mitigate risk
4. Terms to use — Hacktivists, Nation states, Cybercriminals, Insider threat,
Competitors
b. Cybercrime economy (what could potentially drive a cybercrime against
a company.
c. Types of attacks
1. How to identify
2. Effect on the business/financials
3. How to manage/mitigate risk
4. Terms to use — Classic buffer overflow, Web-based application attacks,
Denial of Service/DDoS, Malware, ransomware, and spyware,
phishing/spear phishing, Social engineering
Cybersecurity Fundamentals for Finance &
Accounting Professionals Certificate Program
CPE self-study
Author: Christopher J. Romeo
Publisher: AICPA
2. Data breaches and privacy
a. Causes of a data breach
b. Organizational impact of a data breach
c. Post breach response (business/financial point of view)
d. Personally Identifiable Information (PII)
Cybersecurity Fundamentals for Finance and
Accounting Professionals Certificate Program
CPE self-study
Author: Christopher J. Romeo
Publisher: AICPA
3. Vulnerability management
a. Gap analysis, readiness and risk assessments, vulnerability assessments,
penetration testing (identification of vulnerabilities and how they could impact
business/financials.
b. Security policy & plan development (input regarding business/financial
implications in the policies/procedures.
1. Identity and access management (IAM)
2. Data loss management and prevention
Cybersecurity Fundamentals for Finance and
Accounting Professionals Certificate Program
CPE self-study
Author: Christopher J. Romeo
Publisher: AICPA
C. AICPA Cybersecurity Risk Management Reporting Framework (SOC for Cybersecurity) (3%)
1. Purpose
SOC for Cybersecurity Certificate Program
CPE self-study
Authors: Tony Chapman, Anurag Sharma
Publisher: AICPA
2. Content
SOC for Cybersecurity Certificate Program
CPE self-study
Authors: Tony Chapman, Anurag Sharma
Publisher: AICPA
3. Target audiences
SOC for Cybersecurity Certificate Program
CPE self-study
Authors: Tony Chapman, Anurag Sharma
Publisher: AICPA
Detailed content specification outline
Module II. Business Intelligence, Data Management & Analytics
This module focuses on information management and the utilization of information to provide value in decision-making and other
managerial needs.
Data Management — Covers the information lifecycle, from identification of system information through destruction and the various types
of infrastructures and ERPs to support data; also discusses how data is collected and manipulated, including consolidation, cleaning, transformation, reduction, processing, etc.; lastly, covers the governance of data including objectives, strategy, and policies Data Analysis & Reporting — Covers the various types of data analytics, the tools and procedures to perform an analysis, and the methods of reporting and performance indicators; also covers the use of predictive analytics, including the various models, techniques, applications and deployment; lastly, covers the integration of analytics in the audit process, including risks and assertions, and continuous assurance Business Intelligence Management — Covers the various forms of technology disruptors, including cloud tech, IoT, and AI; also covers the use of data integration (ETL, EAI and EDR) as well as data warehousing (Active, OLAP, ROLAP, MOLAP, HOLAP and DOLAP)
A. Data Management (5%)
1. Information Lifecycle Management
a. Identify
b. Capture
c. Manage
d. Utilize
e. Archive
f. Retention
g. Destruction
Data Analysis Fundamentals Certificate Program
CPE self-study
Publisher: AICPA
Data Analytics Modeling Certificate Program
CPE self-study
Publisher: AICPA
2. Infrastructures & platforms
a. Types of Infrastructure/Platforms typically employed
1. ERP or other enterprise software
i. ERP implementation
2. Data warehouse infrastructure
Data Analytics Modeling Certificate Program
CPE self-study
Publisher: AICPA
Data Visualization Certificate Program
CPE self-study
Publisher: AICPA
Analytics and Big Data for Accountants
CPE self-study
Author: Jim Lindell
Publisher: AICPA
3. Data preparation/manipulation
a. Data consolidation
b. Data mapping and collection
c. Data selection
d. Data cleaning
e. Data transformation
f. Data reduction
g. Data processing
Data Analytics Modeling Certificate Program
CPE self-study
Publisher: AICPA
Analytics and Big Data for Accountants
CPE self-study
Author: Jim Lindell
Publisher: AICPA
A. Data Management (5%)
4. Data governance
a. Objectives
b. Principles
c. Strategy
d. Policy
e. Architecture
Data Analysis Fundamentals Certificate Program
CPE self-study
Publisher: AICPA
Analytics and Big Data for Accountants
CPE self-study
Author: Jim Lindell
Publisher: AICPA
Information Security Governance
CPE self-study
Authors: Gwen Bettwy, Mark Williams,
Mike Beavers
Publisher: AICPA
Module 1 — Information Security Governance
B. Data Analysis & Reporting (11%)
1. Data analytics
a. Types
1. Quantitative analysis
2. Descriptive statistics
3. Data visualization
b. Tools, techniques, and procedures
c. Performance metrics and reporting
Data Analysis Fundamentals Certificate Program
CPE self-study
Publisher: AICPA
Data Visualization Certificate Program
CPE self-study
Publisher: AICPA
Analytics and Big Data for Accountants
CPE self-study
Author: Jim Lindell
Publisher: AICPA
2. Predictive analytics
a. Types
1. Predictive models
2. Descriptive models
3. Decision models
b. Techniques
1. Regression
2. Machine learning
c. Applications of predictive analytics
d. Deployment
Forecasting and Predictive Analytics Certificate
Program
CPE self-study
Publisher: AICPA
Data Analytics Modeling Certificate Program
CPE self-study
Publisher: AICPA
Analytics and Big Data for Accountants
CPE self-study
Author: Jim Lindell
Publisher: AICPA
3. Audit data analytics
a. Integrating analytics into the audit process
1. Audit applications of data analytics
2. Correlating audit tasks to risks and assertions
3. Continuous assurance
Integrating Audit Data Analytics into the Audit
Process
CPE self-study
Publisher: AICPA
Analytics and Big Data for Accountants
CPE self-study
Author: Jim Lindell
Publisher: AICPA
C. Business Intelligence Management (4%)
1. Digital transformation & technology disruptors
a. Cloud
b. Internet of Things (IoT)
c. Artificial intelligence
Data Analysis Fundamentals Certificate Program
CPE self-study
Publisher: AICPA
Analytics and Big Data for Accountants
CPE self-study
Author: Jim Lindell
Publisher: AICPA
2. Data integration
a. Extract, Transform, and Load (ETL)
b. Enterprise Application Integration (EAI)
c. Enterprise Data Replication (EDR)
Data Analytics Modeling Certificate Program
CPE self-study
Publisher: AICPA
Analytics and Big Data for Accountants
CPE self-study
Author: Jim Lindell
Publisher: AICPA
Data Analysis Fundamentals Certificate Program
CPE self-study
Publisher: AICPA
3. Data warehousing
a. Role in supporting BI
b. Architecture and components
c. Types
1. Active Data Warehousing
2. Multi-dimensional Analysis — OLAP
3. ROLAP, MOLAP, HOLAP and DOLAP
Data Analytics Modeling Certificate Program
CPE self-study
Publisher: AICPA
Data Visualization Certificate Program
CPE self-study
Publisher: AICPA
Analytics and Big Data for Accountants
CPE self-study
Author: Jim Lindell
Publisher: AICPA
Detailed content specification outline
Module III: IT Governance, Risks & Controls
This includes knowledge pertaining to information technology risk and advisory services, engagement compliance, and IT controls and assessment. It also covers knowledge of various IT frameworks and related controls, including the use of SOC reporting as a framework to showcase a service organizations internal control environment.
IT Governance & Strategy — Covers the objectives, strategic planning, implementation and management of the IT function within an organization, as well as mitigation of risk; focuses on the management of value, resources, and performance in relation to key components and best practices of the IT function IT Risks, Process, & Controls — Discusses various IT frameworks, including COSO and COBIT, and the integration of frameworks with IT assessments; covers a variety of key control areas for IT assessments, including ITGCs, application, business process and change management controls System and Organizational Controls (SOC) Reporting — Focuses on the purposes for SOC reporting, the users of SOC reports, and the responsibilities of user auditors
A. IT Governance & Strategy (15%)
1. Role of IT governance within an organization
a. IT governance objectives
b. Management of the IT function
c. Mitigation of IT risk
d. IT strategic plan
1. Alignment with organizational strategy
IT Governance, Risks & Controls
CPE self-study
Publisher: AICPA
Module 1 — Role of IT Governance
Information Strategy
CPE self-study
Author: Kaplan Publishing Limited
Publisher: AICPA
2. IT governance principles
a. Strategy and planning
1. Key components
2. Best practices
b. Value delivery management
1. Key components
2. Best practices
c. Resource management
1. Key components
2. Best practices
d. Risk management
1. Key components
2. Best practices
e. Performance management
1. Key components
2. Best practices
IT Governance, Risks, and Controls
CPE self-study
Publisher: AICPA
Module 1 — Role of IT Governance
3. IT governance roles and responsibilities IT Governance, Risks, and Controls
CPE self-study
Publisher: AICPA
Module 1 — Role of IT Governance
4. IT governance implementation IT Governance, Risks, and Controls
CPE self-study
Publisher: AICPA
Module 2 — Implement and Assess IT Governance
5. Benefits of effective IT governance IT Governance, Risks, and Controls
CPE self-study
Publisher: AICPA
Module 2 — Implement and Assess IT Governance
B. IT Risks, Process & Controls (15%)
1. IT risk identification and assessment IT Governance, Risks, and Controls
CPE self-study
Publisher: AICPA
Module 3 — IT Risk Management
Risk and Control of Information Systems
CPE self-study
Author: Kaplan Publishing Limited
Publisher: AICPA
2. IT control frameworks
a. COSO
1. Categories of objectives
2. Integrated components & principles
b. COBIT
1. Domains
c. Integration of control frameworks
COSO Internal Control Certificate Program
CPE self-study
Publisher: Committee of Sponsoring Organizations
(COSO.
Internal Control and COSO Essentials for Financial
Managers, Accountants and Auditors
CPE self-study
Author: Glenn L. Helms
IT Governance, Risks, and Controls
CPE self-study
Publisher: AICPA
Module 4 — IT Controls
3. IT general controls
a. Objectives of IT general controls
b. Types of IT general controls (including ERP)
IT Governance, Risks, and Controls
CPE self-study
Publisher: AICPA
Module 4 — IT Controls
Risk and Control of Information Systems
CPE self-study
Author: Kaplan Publishing Limited
Publisher: AICPA
Information Security Governance
CPE self-study
Authors: Gwenn Bettwy, Mark Williams, Mike
Beavers
Publisher: AICPA
Module 3 — Logical access controls
4. Application controls
a. Objectives of application controls
b. Input controls
c. Processing controls
d. Output controls
IT Governance, Risks, and Controls
CPE self-study
Publisher: AICPA
Module 4 — IT Controls
Risk and Control of Information Systems
CPE self-study
Author: Kaplan Publishing Limited
Publisher: AICPA
Information Security Governance
CPE self-study
Authors: Gwen Bettwy, Mark Williams, Mike Beavers
Publisher: AICPA
Module 3 — Logical access controls