Press Release


 ISACA Issues First Audit Programs Aligned With COBIT 5 

Programs Feature Benefits Delivery, and Risk and Resource Optimization, and More

Rolling Meadows, IL, USA (18 February 2014)—Global IT association ISACA has issued five new audit programs—the first of more than 30 audit programs that will align with COBIT 5. The new audit/assurance programs released today provide assurance over the governance domain processes:

  • Ensure Governance Framework Setting and Maintenance Audit/Assurance Program, which helps ensure that there is a consistent and integrated approach aligned with enterprise governance, IT-related decisions are made in line with the enterprise’s strategies and objectives, IT-related processes are overseen effectively and transparently, and the organization is in compliance with legal and regulatory requirements.
  • Ensure Benefits Delivery Audit/Assurance Program, which helps auditors verify that optimal value is secured from IT-enabled initiatives, services and assets. It also ensures cost-effective delivery of solutions and services and provides a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently.
  • Ensure Risk Optimization Audit/Assurance Program, which helps auditors validate that IT-related enterprise risk does not exceed risk appetite and risk tolerance; the impact of IT risk to enterprise value is identified and managed; and the potential for compliance failures is minimized.
  • Ensure Resource Optimization Audit/Assurance Program, which helps auditors determine whether an enterprise’s resource needs are met in the most effective manner, IT costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change.
  • Ensure Stakeholder Transparency Audit/Assurance Program, which validates effective and timely communication to stakeholders and an established basis for reporting to increase performance and identify areas for improvement. It also helps verify that IT-related objectives and strategies are in line with the enterprise’s strategy.

“ISACA’s audit programs are flexible and customizable, providing a clear structure that covers all of the COBIT 5 enablers,” said Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, international president of ISACA and appointed Deputy Director-General of the Department of Communities, Child Safety and Disability Services in the Queensland Government, Australia. “These particular programs provide a road map that enable assurance professionals to effectively plan, scope and execute IT assurance initiatives, navigate technology complexity and demonstrate strategic value to IT and business stakeholders.”

The audit/assurance programs are based on the standards and guidance in ISACA’s IT Assurance Framework (ITAF) and align with the globally recognized COBIT 5 business framework that helps enterprises govern and manage their information and technology. They have been developed by experienced assurance professionals and are peer reviewed. The programs are downloadable in a Word document and can be easily customized to fit specific operating environments. They also can be used by business and IT professionals, who will benefit from applying the management practices and activities to make the respective scope areas more robust.

The audit/assurance programs are free for ISACA members and US $45 for nonmembers at ITAF is available at, and COBIT 5 is available at


With more than 110,000 constituents in 180 countries, ISACA ( helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association, which has 200 chapters worldwide, advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. ISACA also developed and continually updates COBIT, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.

Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),

Like ISACA on Facebook:


Rachel Acevedo, +1.847.660.5617,
Joanne Duffer, +1.847.660.5564,
Kristen Kessinger, ISACA, +1.847.660.5512,