Press Release


 18 New IS Audit and Assurance Guidelines From ISACA Help Professionals Ensure High-Quality and Reliable Audit Reports 

Rolling Meadows, IL, USA (2 June 2014)—Global association ISACA has issued 18 Information Systems (IS) Audit and Assurance Guidelines to help assurance professionals ensure quality and consistency in their audit engagements, and give enterprises confidence their audit reports are reliable and give a clear picture of how well the IT systems are delivering on their mission to drive business value. Fifteen of the guidelines have been significantly refreshed to support the updated IS Audit and Assurance Standards that went into effect in November 2013, and three are completely new.

The guidelines are available at and in ISACA’s IT Assurance Framework (ITAF), now in its third edition. The framework is available free of charge at

“These guidelines help practitioners adhere to professional responsibilities and ensure that their audit and assurance engagements meet or exceed acceptable performance requirements and management’s expectations,” said Steven Sizemore, CISA, CIA, CGAP, chair of ISACA’s Professional Standards and Career Management Committee and IT audit manager at the Texas Health and Human Services Commission. “Standards and guidelines from ISACA give value and credibility to the information systems assurance profession. They show that we follow a set of good practices and perform quality work.”

The guidelines, which are available at, are:


  • 2001 Audit Charter
  • 2002 Organisational Independence
  • 2003 Professional’s Independence
  • 2004 Reasonable Expectation (new)
  • 2005 Due Professional Care
  • 2006 Proficiency (new)
  • 2007 Assertions (new)
  • 2008 Criteria


  • 2201 Engagement Planning
  • 2202 Risk Assessment in Audit Planning
  • 2203 Performance and Supervision
  • 2204 Materiality
  • 2205 Evidence
  • 2206 Using the Work of Other Experts
  • 2207 Irregularity and Illegal Acts
  • 2208 Audit Sampling


  • 2401 Reporting
  • 2402 Follow-Up Activities

In addition to its standards and guidelines, ISACA offers more than 45 audit programs, including five new programs aligned with the COBIT 5 framework. All are available for download at, and additional audit programs are scheduled to publish later this year.

ISACA will also issue A Practice Guide for IS Audit Reports in late 2014 to provide practical guidance on writing effective audit reports. The guide will discuss the audit reporting objectives and process, and cover tools and techniques to communicate audit findings through examples and templates.

Now serving 115,000 members and certification holders who work in IT audit, assurance, security, governance and risk, ISACA reached its milestone 45th anniversary this year. Information about the association is available at



With more than 115,000 constituents in 180 countries, ISACA ( helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.

Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),

Like ISACA on Facebook:



Kristen Kessinger, +1.847.660.5512,

Joanne Duffer, +1.847.660.5564,