Certified Information Technology Auditor | CITA

The Certified Information Technology Auditor (CITA) is a professional certification that demonstrates an individual's knowledge and skills in the field of information security auditing and information technology auditing. The certification is designed for individuals who work in or are looking to work in information technology (IT) security, and it focuses on the key concepts, best practices, and tools used in the field.

The CITA certification is provided by the Global Association of Business & Management (GABM.us), which is based in the United States and specializes in membership and professional certifications for the business and management field.


  1. Auditing and Internal Control
  2. Auditing IT Governance Controls
  3. Security Part I: Auditing Operating Systems and Networks
  4. Security Part II: Auditing Database Systems
  5. Systems Development and Program Change Activities
  6. Transaction Processing and Financial Reporting Systems Overview
  7. Computer-Assisted Audit Tools and Techniques
  8. Data Structures and CAATTs for Data Extraction
  9. Auditing the Revenue Cycle
  10. Auditing the Expenditure Cycle
  11. Enterprise Resource Planning Systems
  12. Business Ethics, Fraud, and Fraud Detection

Learning Objectives

  1. Attest vs advisory services & relationship
  2. Structure and conceptual elements of an audit
  3. Internal control categories in the COSO framework
  4. Sections 302 and 404 of the Sarbanes-Oxley Act
  5. Relationship between general controls, application controls & financial data integrity
  6. IT function structure, controls, and security precautions
  7. Disaster recovery plan key elements
  8. IT outsourcing benefits, risks, and audit issues
  9. Threats to the operating system and control techniques
  10. Risks of commerce over intranet and internet
  11. Risks of personal computing systems and EDI
  12. Database concept, models, and operational features
  13. Stages of SDLC and strategic system planning
  14. System design approaches, cost-benefit analysis, and software selection
  15. Transaction cycle objectives, digital equivalents, and automation
  16. Input, processing, and output controls for accounting applications
  17. Black box and white box auditing, CAATTs
  18. Data structures and audit software features
  19. Revenue and expenditure cycle audit objectives, controls, and tests
  20. ERP systems, configuration, data warehousing, and auditing
  21. Business ethics, fraud schemes, and detection using ACL

Obtaining the Certified Information Technology Auditor (CITA) certification can have a significant impact on an individual's career prospects and the future of IT auditing. As organizations increasingly rely on technology to operate, the need for skilled IT auditors who can identify and manage risks related to information systems is likely to grow.

Obtaining the CITA certification can open up new career opportunities and have a positive impact on both individuals and organizations in the rapidly evolving field of IT auditing.


  • Only 60 Multiple Choice Questions
  • The passing score is 70% or higher
  • The exam duration is 120 minutes
  • Retake the exam unlimited times within 90 days
  • No fees for retaking the exam


  • IT auditors
  • IT consultants and managers
  • Risk management professionals
  • Compliance professionals
  • Information security professionals
  • IT governance professionals

Benefits of CITA

  • Ability to identify and manage IT risks.
  • Proficiency in evaluating IT controls and security measures.
  • Knowledge of industry best practices and standards.
  • Ability to perform IT audits and assessments.
  • Enhanced understanding of emerging technologies and their impact on business.


  • The CITA certification provides individuals with advanced knowledge and skills in IT auditing, enhancing their professional credibility and positioning them for career advancement.
  • The certification can help individuals to better identify and mitigate risks related to information systems, helping organizations to protect against potential threats and ensure the integrity of their data.