Press Release


 ISACA Issues New Audit Programs on BYOD, PII and Outsourcing 

Rolling Meadows, IL, USA (25 January 2013)—With the consumerization of technology, including the surge in “bring your own device” (BYOD), IT auditors are facing increasing challenges. To help auditors with their increasing demands and responsibilities, ISACA, a nonprofit association serving 100,000 IT professionals in 180 countries, has developed more than  40 customizable IT audit/assurance programs, including three new releases:  

  • BYOD Audit/Assurance Program—which helps auditors provide management with an assessment of bring-your-own-device (BYOD) policies and procedures, identify internal control and regulatory deficiencies, and identify information security control concerns that could affect the reliability, accuracy and security of the enterprise data.
  • Personally Identifiable Information (PII) Audit/Assurance Program—which helps auditors provide management with an assessment of PII policies and procedures; and focuses on private data and storage locations, including the deployment and effectiveness of an organization-wide data classification scheme, policies and procedures relating to action needed after a breach of PII confidentiality, and training employees in handling and processing PII and data privacy.
  • Outsourced IT Environments Audit/Assurance Program—which helps auditors provide management with an independent assessment of the IT outsourcing process, compliance with outsourcing contract, accuracy of billing, and successful remediation of issues identified during the execution of business processes. It also helps auditors evaluate internal controls affecting business processes related to outsourcing, and permits the audit/assurance professional to place audit reliance on the data and operational processes performed by the supplier on behalf of the customer.

Other ISACA audit programs include cybercrime, social media, crisis management, change management and cloud computing.

“ISACA’s audit programs can be used by auditors worldwide as a road map for specific assurance processes,” said Greg Grocholski, CISA, international president of ISACA and global business finance director for the Ventures and Business Development unit within The Dow Chemical Company. “They can be customized by IT auditors in any type of environment to help them conduct effective reviews that will help ensure trust and value in the enterprise’s information systems.”

The audit/assurance programs are based on the standards and guidance in ISACA’s IT Assurance Framework (ITAF) and align with the globally recognized COBIT business framework for governance and management of IT. They have been developed by experienced assurance professionals and are peer reviewed. The programs are downloadable in a Word document and can be easily customized to fit specific operating environments. They also can be used by security and business professionals, who will benefit from applying the control objectives and audit steps to make the respective scope areas more robust.

The audit/assurance programs are free for ISACA members and US $45 for nonmembers at ITAF is available at, and COBIT is available at



With more than 100,000 constituents in 180 countries, ISACA ( is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.

ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn:  ISACA (Official),

Like ISACA on Facebook:



Kristen Kessinger, +1.847.660.5512,

Joanne Duffer, +1.847.660.5564,