Coworkers in a meeting looking over facts

Certificate in IT Audit Execution

Gain the skill and confidence to help organizations protect
their most important assets


In our digital world, data and IT system integrity is at the top of everyone’s list of priorities. Government regulations are driving organizations to invest more in their financial reporting controls and effectiveness than ever before. As a result, IT Audit jobs have recently grown 65%*, with 75% of senior leaders struggling to find skilled IT auditors who can execute the thorough examinations they require to protect their businesses.

The CISA is the #2 most demanded certification in the Cyber Security field!1

75% of senior leaders struggle to find skilled IT auditors
Higher salaries are paid to It Auditors (compared to similar roles)
The fastest growing specialization in the auditing field is IT* (*in the GTA)

1According to via The Cyber Security Hub

Why Choose York?

accelerated-learningACCELERATED LEARNINGPrepare for the CISA exam in 6 months

REAL-WORLD CASE STUDIESLearn to plan, execute, and report on an IT audit


Build real-world IT Audit assurance skills

Preparing for your Certified Information Systems Auditor (CISA) designation is a huge step toward your new career as an in-demand IT auditor. But knowledge alone isn’t enough to get hired. To get the best jobs, you need to know how to fully execute an IT audit, with skill and confidence.

Created in collaboration with industry leaders, the 3 course Certificate in IT Audit Execution covers the 5 domains of the Certified Information Systems Auditor (CISA) body of knowledge*. In addition, the innovative study format also gives you the opportunity to work on real-world case studies in collaboration with your peers. You’ll have the chance to practice the core job skills top employers demand when hiring IT auditors, like problem solving, negotiation and analytical thinking. You’ll also build meaningful relationships with course instructors and peers over the course of the program, creating a supportive learning environment.

*It is the responsibility of students to comply with the requirements of ISACA for the CISA Designation.  ISACA has their own requirements regarding application, admission, program and membership. Students should contact ISACA directly for more information.

“IT Audit is an evolving and growing field. The IT Audit Execution program is designed to address this challenge, and train professionals on emerging technology risks that matter, along with the real-world job skills needed to succeed in the workplace.”

- Asif Mohammed,
VP Risk, Performance and Technology, Richter; ISACA Toronto Chapter President; and Advisory Council Member

You’ll gain in-depth IT audit knowledge and use current industry tools to:

  • Recognize and apply appropriate IT audit best practices;
  • Recognize and review compliance with appropriate laws and regulations;
  • Implement the full IT audit lifecycle;
  • Apply the CISA domains to an audit;
  • Identify and assess risk;
  • Apply auditing and assurance concepts;
  • Assess ethical predicaments relevant to an audit;
  • Develop effective relationships with stakeholders; and
  • Apply innovative and critical approaches to audit challenges.

These learning outcomes, paired with your hands-on experience in IT Audit assurance, put you ahead of the pack for your next job by proving your applied expertise to potential employers. This program is a one-of-a-kind learning experience, designed to enhance your career with deep learning and position you for success in a field that’s sure to see continued growth.

“The Certificate in IT Audit Execution prepares students to not only pass their CISA exam, but to execute a full IT audit with confidence, in just 6 months. I wish a program like this existed when I was starting out in my career.”

- Arif Hameed, Senior Director, Client Security, Equifax (Advisory Council Member)

Who should take this program?

The Certificate in IT Audit Execution is ideal for anyone who currently works in IT Operations or as an Internal or External Auditor.

This program can enhance the careers of people with experience in:

IT OperationsIT Operations

Cyber SecurityCyber Security




… and related fields


“Technology is impacting society like never before and job opportunities related to IT Audit are growing exponentially. This program will help develop competencies that match employer expectations, align with high-demand skills and maximize salary and growth potential.”

Baskaran Rajamani, Partner, Risk Advisory, Deloitte
(Advisory Council Member)

Program Delivery

As of March 16, 2020, all our Continuing Education programs will be delivered 100% online. The School of Continuing Studies has launched and delivered many quality online programs over the years. This is not new to us, and there will be no interruptions or compromise in learning quality for those considering starting their studies with us.

Program delivery format is 100% Online


 Save when you stay on campus
Our students receive a discount on their stay at the Schulich Executive Learning Centre. Just quote promo code ‘YRKCON16′ when making your reservation over the phone or email!


Learning Outcomes

By the end of the program, graduates will be able to:

  • Recognize and apply the appropriate best practices to an IT Audit as outlined in standards including ITIL, COBIT and COSO;
  • Implement the IT Audit lifecycle from planning, executing and reporting to management;
  • Apply the Certified Information Security Auditor (CISA) domains to the IT Audit Lifecycle;
  • Assess risk within the IT environment to determine if risk is being managed at an acceptable level;
  • Apply auditing and assurance concepts to real-world case studies by examining controls implemented and providing recommendations on improvements;
  • Assess various ethical predicaments as they pertain to the IT Audit profession;
  • Examine compliance with laws and regulation, including SOX, PIPEDA and PCI;
  • Develop effective internal and external relationships using influencing, communication and consultative skills;
  • Apply innovative and critical approaches to challenges faced by an IT audit.


Advisory Council

Nina ChowNina Chow
Principal Consultant, SNC Advisory Services Inc.

Nina is a recognized leader in IT risk and governance with over 20 years of experience. She is an experienced consultant working with business and IT processes, skilled in Internal Audit, IT internal and external audits.  She has worked with various frameworks and standards including: ISO 27001, NIST, CSAE 3416, SSAE 16, SSAE 18, COSO, ITIL, COBIT, BCI, DRI performing business process design, analysis and improvement, risk analysis, system implementation and IT risk, governance and strategy engagements. Nina has been a CISA for over 15 years.

Gerard FrancisGerard Francis
Director, Enterprise-Wide IT Audit and QA, Government of Ontario

Gerard Francis is the Director of Enterprise-wide I&IT Auditing for the Government of Ontario.  In this role, he provides strategic leadership for all information technology audits conducted across the Ontario Public Service.  Gerard has developed a deep appreciation for technology risks facing governments around the world and the critical role IT Audit plays in helping to identify and mitigate them.  The enterprise-wide audits conducted by his team cover all government sectors and address key I&IT risks in  IT Governance, Cybersecurity, IT Investment Planning, Project Management and Delivery, Service Management and Information Management.  Prior to moving into IT Audit, Gerard worked with a number of global financial organizations in the IT field.  He has a passion for public service and has devoted the past 16 years of his career to protecting the interests of the people of Ontario.

Arif HameedArif Hameed
Senior Director Client Security, Equifax

Arif is an accomplished IT Risk, Cyber Security and IT Audit professional with 15 years’ experience in the financial services. With excellent analytical skills in uncovering issues through performance of a wide range of assessments including IT Risk/Control, IT Audit and Quality Assurance, Arif has a proven ability to influence multiple levels of key stakeholders in order to address risks in a timely and effective manner. Arif focuses on excellence in the development of IT control documentation, audit programs and test scripts.

Gaurav KumarGaurav Kumar
Academic Advisor & Instructor: Certificate in Cyber Security, York University School of Continuing Studies

Gaurav Kumar is a security and risk management leader with one of the world’s largest management consulting companies. In his current role, Gaurav is responsible for helping client executives develop suitable security and risk management strategies that meet business needs, seeking to balance defensive and responsive strategic elements. For over 15 years, Gaurav has been helping businesses understand and proactively manage information technology risks by effectively acting as both a technical subject matter expert and a trusted business information security adviser. Gaurav has worked in all verticals of information security and risk management including access management, threat analysis, security monitoring and response, risk management, security assurance and governance, security consulting, and enterprise security program management.

Ran LewinRan Lewin
Director of Internal Audit, York University

Ran Lewin is the Director of Internal Audit at York University, reporting to the President and the Board of Governors’ Finance & Audit Committee. He graduated with a B-Com Accounting Honours from the University of Johannesburg. After completing his accounting and auditing training at KPMG South Africa, he was seconded to Toronto. His audit clients have included companies listed on the South African and Canadian stock exchanges in the construction, IT and media sectors. In 2003 he joined York’s Internal Audit department and became its Director in 2012. He is a CPA-CA in Canada and South Africa, as well as a Certified Internal Auditor.

Asif MohammedAsif Mohammed
VP Risk, Performance and Technology, Richter

Asif specializes in governance, risk management, and cyber security for the private sector.  He is a trusted advisor to his clients, from those on the front lines to the executive level.  Asif uses a client-centric approach to addressing complex challenges and designs recommendations that are pragmatic and aligned to the culture of the organization.  He has a passion for ensuring his clients succeed in meeting their strategic imperatives.

Asif is a Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and received his MBA from the Queen’s Smith School of Business.  Asif is currently serving as the ISACA Toronto Chapter President.

Kartikeya PanditKartikeya Pandit
Senior Consultant Risk Advisory Services, Ernst Young LLP

Kartikeya is a Certified Information Systems Auditor (CISA) and Cisco Certified Networking Associate (CCNA), working as a Senior Consultant with EY Risk Assurance practice in Toronto, Canada. With over 5 years of work experience in the field of IT Audit, he has managed global internal audit clients and coordinated with global member firms of EY. He previously worked with EY India and EY US before joining EY Canada.

Baskaran Rajamani - Advisory Council IT Audit ExecutionBaskaran Rajamani
Partner, Risk Advisory, Deloitte

Read interview with Baskaran

Baskaran Rajamani is a Technology Risk Advisory Partner at Deloitte in Toronto.  Baskaran leads teams to help Financial Services clients on transforming and managing Technology Risks across lines of defense related to IT Assets, IT management processes, IT strategy, Digital transformation, Robotics/Cognitive automation and Agile delivery. As part of his global role in the RPA/Cognitive community, he is connected to practitioners across the globe and provides thought leadership on related frameworks and methodologies.  Baskaran Chairs Deloitte’s Technology and Digital risk management roundtable, and is a Faculty at Deloitte University in its Toronto and Dallas, TX campuses.

Baskaran is a popular speaker, has authored several technical papers on IT risk management and assurance, and has presented at conferences and seminars in different parts of the world. Baskaran is the co-author of Deloitte’s latest point of view of Integrated Risk Assurance. He holds a Master’s degree in Engineering and an MBA.  His designations include CISA, CISSP and is a past President of the ISACA Toronto Chapter.


Zain HaqZain Haq, CPA, CA, CISA

Read interview with Zain

Zain Haq is an information systems, cyber security and IT audit professional. Currently, Zain is a cyber security Audit Manager with Manulife Financial, a multinational financial services organization headquartered in Toronto. Zain leads and delivers a mix of application security and management audits, business integrated audits and technology project risk reviews. Previously, Zain has worked with PricewaterhouseCoopers (PwC) where he led and delivered various third-party assurance engagements for clients in different industries including telecommunications, technology service providers, financial services and asset management.

Zain is an alumnus of York University, having completed his BCom in accounting in 2010. Zain is a Chartered Professional Accountant, Chartered Accountant (CPA, CA) a Certified Information Systems Auditor (CISA).

Eric AnastacioEric Anastacio, MEd, CISA, CIA, CRMA

Eric Anastacio has over 20 years in IT Audit experience. Eric started his career at PwC after completing his Bachelor’s in Commerce. During that time, Eric attained his CISA, CIA and CRMA designations. After that, Eric has held multiple positions with several organizations, including the Ontario Ministry of Finance and CIBC. Eric also holds a Masters in Education and has experience delivering IT Audit courses with emphasis on emerging technologies, such as Cyber Security and Cloud Computing.

CISA Designation

ISACA®’s Certified Information Systems Auditor® (CISA®) certification validates your skills and expertise in auditing, control and information security. It proves you can assess vulnerabilities, report on compliance and validate and enhance controls in an enterprise. That’s why hiring managers and clients look for it and why many businesses and government agencies require it.

Our Certificate in IT Audit Execution covers all 5 domains required for you to write the exam*. This, combined with the applied knowledge you’ll gain through real-world case study work, will fully prepare you for your new career as an IT auditor.

*It is the responsibility of students to comply with all the requirements of ISACA for the CISA Designation.  ISACA has their own requirements regarding application, admission, program and membership. Students should contact ISACA directly for more information.

Program Policies


 What if I don’t have any work experience in auditing or IT?

York U’s faculty of Liberal Arts & Professional Studies offers a Certificate in IT Auditing that’s geared specifically to current degree students who don’t have the work experience required to take our program. If that’s your situation, we recommend starting there!


If you would like more information or have a question about the Certificate in IT Audit Execution, please Contact us

Term Session Price (CAD) Register
Fall 2020 Certificate in IT Audit Execution (September 2020-March 2021 $3,297.00 Register

Key Policies

More Information

Confidentiality and Financial Security

Given the experiential and practical nature of the courses and the application of Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) to York University, The School of Continuing Studies works to ensure that instructors and participants acknowledge and respect the privacy and confidentiality of personal information that may be presented in the context of instruction. Instructors will limit the amount of personal information that is collected, used or disclosed in their sessions, and will ensure that all identifying personal information (including proper name, address, etc.) is omitted from all written documents in order to protect personal privacy and confidentiality. Instructors should not bring or share personal or other confidential files or records with the class or allow students to do so.

We are committed to protecting your privacy and your financial security, and we do this in several ways:

  • Your credit card information is never received or stored by our system. Only your financial institution has access to your credit card information.
  • Your Student Portal is password-protected. To access any personal and academic information, you must enter your username and portal password.

York University Privacy Policy

How to Register

Online – Visit our website at to register in any course or program offered by the School of Continuing Studies.

All registrations are processed on a first-come, first-served basis, so early registration is recommended.

The School of Continuing Studies reserves the right to alter fees, other charges, instructors and course dates/locations described in this brochure.

Mailing Address and Changes in Personal Status

All correspondence, including your registration confirmation, grade report and refund cheque, will be sent to the email address provided at the time of registration.
To maintain accurate student records, notification of any changes to your name, address and contact information are required. To update your personal information:

  • go online to Contact Us and email all changes
  • submit a written request to the Registration and Student Records Coordinator

All name-change requests must be accompanied by official documentation justifying such a change.

We will not accept telephone requests to change a name or address.

Education and Amount Certificates (Income Tax Receipts) (T2202A)

Income Tax receipts will be available online in February of the following year. Please refer to the income tax guide for allowable deductions.

Session Transfer

Students must contact the Program Manager for permission to transfer to another session.  Please note that there is a $150 administrative fee for transferring from one session to the other.

Notification of change or cancellation of classes

When necessary, the School of Continuing Studies may alter, postpone or cancel classes. In these instances, students will be notified by email, based on the information provided at the time of registration.
Cancellations or changes will also be posted on the School of Continuing Studies Twitter account.

Cancellation of courses/programs – Fee Refunds

The School of Continuing Studies reserves the right to withdraw or cancel programs/courses. Should a course or program be withdrawn or cancelled, the School will issue a full refund of fees paid.

University Policy on Student Conduct

Students and instructors are expected to maintain a professional relationship characterized by courtesy, collegiality and mutual respect, and to refrain from actions that would be disruptive to such a relationship;

It is the responsibility of the instructor to maintain an appropriate academic atmosphere in the classroom, and the responsibility of the student to cooperate in that endeavour; and,

The instructor is the best person to decide, in first instance, whether such an atmosphere is present in the class, and may, at their discretion, take steps that they feel are appropriate to resolve an issue or dispute.

In any case where a student feels that this policy has been violated, they are urged to notify the instructor of the course/program as soon as possible. Students may be asked to provide a detailed written description of their complaint to the instructor. The instructor may take measures they feel are appropriate to resolve the issue and/or may forward the complaint to the Program Manager for review. Please refer to the full policy document on the York University website at:


Students registered in certificate programs will be evaluated using the following categories of achievement:

Grade % Description
A+ 90 – 100% Thorough knowledge of concepts and/or techniques, and exceptional skill or great originality in the use of those concepts/techniques in satisfying the requirements of an assignment or course.
A 80 – 89%
B+ 75 – 79% Thorough knowledge of concepts and/or techniques with a fairly high degree of skill in the use of those concepts/techniques in satisfying the requirements of an assignment or course.
B 70 – 74%
C+ 65 – 69% Good level of knowledge of concepts and/or techniques together with considerable skill in using them to satisfy the requirements of an assignment or course.
C 60 – 64%
D+ 55 – 59%
D 50 – 54%
F Below 50% Insufficient knowledge of concepts and/or techniques needed to satisfy the requirements of an assignment or course.
PASS Pass is awarded as a grade only to courses that have an experiential component. A student that has received a Pass has met the requirements of the course.
FAIL Fail is awarded as a grade only to courses that have an experiential component. A student that has received a Fail has not met the requirements of the course.
EXEMPT Exempt is awarded to those that have completed a comparable course elsewhere and have met all of the requirements for completion of that course.
DNA Did Not Attend – The student did not attend, did not withdraw, and did not submit course work.
DNC Did Not Complete – The student did not complete the course.


Grade Appeal and Reappraisal and Petitions

Students may, with sufficient grounds, request a reappraisal of any “tangible” work required for a course/program. Tangible work may include written, graphic, digitized, modelled, video recording or audio recording formats. Students seeking a grade reappraisal must complete and submit the attached form, along with the original work and instructions for the assignment, to the Program Manager within 2 weeks of the date of issue of the letter of grade.
Students and instructors will be informed in writing of the reappraisal result and the reappraiser’s comments. The School of Continuing Studies will ensure the anonymity of both the student and the reappraiser.

Download a Grade Reappraisal form

Financial Petitions

You may submit a financial petition if you experience a serious documented medical illness or a death of an immediate family member that causes you to drop courses. Financial petitions may be granted at the discretion of the University, and will be considered for a period of one year after the occurrence of the illness or death.

The Financial Petition form is located here:

Please complete the form and return it via email or via fax at 416-650-8042.

Register for this Program