IT Audit and Assurance Guidance 

 

The specialised nature of information technology (IT) audit and assurance and the skills necessary to perform such audits require specific standards.

Objectives, Scope and Authority of IT Audit and Assurance Standards


Disclaimer: ISACA has designed this guidance to describe the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics. ISACA makes no claim that use of this product will assure a successful outcome. The publication should not be considered inclusive of any proper procedures and tests or exclusive of other procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific procedure or test, the controls professional should apply his/her own professional judgement to the specific control circumstances presented by the particular systems or IT environment.

Standards

Standards define mandatory requirements for IT audit and assurance. They inform:

  • IT audit and assurance professionals of the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics.
  • Management and other interested parties of the profession's expectations concerning the work of practitioners.
  • Holders of the Certified Information Systems Auditor (CISA) designation of their requirements. Failure to comply with these standards may result in an investigation into the CISA holder's conduct by the ISACA Board of Directors or appropriate ISACA committee and, ultimately, in disciplinary action.

Guidelines

The objective of the IT Audit and Assurance Guidelines is to provide guidance and additional information on how to comply with the IT Audit and Assurance Standards. The IT audit and assurance professional should consider these guidelines when implementing, applying and justifying any departure from the Standards.


Tools and Techniques

The tools and techniques documents provide information on how to meet the standards when performing IT audit and assurance work, and provide examples of procedures an IT audit and assurance professional may follow, but do not set requirements. The objective of the IT Audit and Assurance Tools and Techniques is to provide additional information on how to comply with the IT Audit and Assurance Standards.


IT Audit and Assurance Exposure Documents

The ISACA Professional Standards Committee is committed to incorporating your input in the preparation of IT Audit and Assurance Standards, Guidelines, and Tools and Techniques.

Exposure drafts are issued internationally and interested professionals are welcome to review the material and share their views.

Current IT Audit and Assurance Exposure Drafts

Exposure Period Ends

Standards

There are no Standard drafts exposed at this time.
   

Guidelines

There are no Guideline drafts exposed at this time.  


The Professional Standards and Career Management Committee also welcomes your assistance in the identification of emerging issues that require new standards products. Send an email to standards@isaca.org or a fax to +1.847.253.1443, to the attention of the Director of Professional Standard Development.


IT Audit and Assurance Standards and Guidelines Awaiting Final Approval

There are no documents awaiting final approval at this time.


IT Audit and Assurance Standards and Guidelines in Development

Current standards and guidelines are being reviewed and revised as needed.


COBIT

ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business. COBIT is available for download.


Glossary

A glossary of terms is available. The words audit and review are used interchangeably in the IT Audit and Assurance Standards and Guidelines.


Development of Standards, Guidelines, and Tools and Techniques

The ISACA Professional Standards and Career Management Committee is committed to wide consultation in the preparation of IT Audit and Assurance Standards and Guidelines. Prior to issuing any documents, the Professional Standards and Career Management Committee issues exposure drafts internationally for general public comment.

The Professional Standards and Career Management Committee also seeks consultation with those who possess special expertise or interest in the topic under consideration. We have an ongoing development program that welcomes the input of ISACA members and other interested parties to identify emerging issues requiring new standards.

Suggestions should be:

  • E-mailed to standards@isaca.org
  • Faxed to +1.847.253.1443
  • Mailed to ISACA International Headquarters, 3701 Algonquin Road, Suite 1010, Rolling Meadows, IL 60008, USA, to the attention of the Director of Professional Standard Development.


Downloads

The Complete Set of Current Standards and Guidelines for Audit and Assurance Professionals

  English (2M)
  Estonian (3.5M)
  Turkish (3.2M)