ITAF’s design recognizes that IT assurance professionals are faced with different requirements and different types of audit and assurance assignments, ranging from leading an IT-focused audit to contributing to a financial or operational audit. ITAF is applicable to any formal audit or assessment engagement.
ITAF applies to individuals who act in the capacity of IT assurance professionals and are engaged in providing assurance over some components of IT systems, applications and infrastructure. However, we have taken care to design these standards, guidelines, and IT audit and assurance procedures in a manner that may also be useful, and provide benefits to, a wider audience, including users of IT audit and assurance reports.
The application of the framework is a prerequisite to conducting assurance work. The standards are mandatory while guidelines, tools and techniques are designed to provide non-mandatory assistance in performing assurance work and additional detail to support compliance with standards. Please visit www.isaca.org/standards for links to the most current guidance.
If you have questions about ITAF publications and ongoing research, please contact: