IT Audit and Assurance Guidelines 

 

This work is the result of the Standards Re-evaluation Project, formed to update existing standards and identify areas where new standards are needed.

Guideline and Effective Date

G1 Using the Work of Other Experts 1 March 2008
G2 Audit Evidence Requirement 1 May 2008
G3 Use of Computer Assisted Audit Techniques (CAATs) 1 March 2008
G4 Outsourcing of IS Activities to Other Organisations 1 May 2008
G5 Audit Charter 1 February 2008
G6 Materiality Concepts for Auditing Information Systems 1 May 2008
G7 Due Professional Care 1 March 2008
G8 Audit Documentation 1 March 2008
G9 Audit Considerations for Irregularities and Illegal Acts 1 September 2008
G10 Audit Sampling 1 August 2008
G11 Effect of Pervasive IS Controls 1 August 2008
G12 Organisational Relationship and Independence 1 August 2008
G13 Use of Risk Assessment in Audit Planning 1 August 2008
G14 Application Systems Review 1 December 2008
G15 Audit Planning 1 May 2010
G16 Effect of Third Parties on an Enterprise’s IT Controls 1 March 2009
G17 Effect of Nonaudit Role on the IT Audit and Assurance Professional’s Independence 1 May 2010
G18 IT Governance 1 July 2002
G19 Irregularities and Illegal Acts 1 July 2002 (Withdrawn 1 September 2008)
G20 Reporting 16 September 2010
G21 Enterprise Resource Planning (ERP) Systems Review 16 September 2010
G22 Business-to-consumer (B2C) E-commerce Review 1 December 2008
G23 System Development Life Cycle (SDLC) Reviews 1 August 2003
G24 Internet Banking 1 August 2003
G25 Review of Virtual Private Networks 1 July 2004
G26 Business Process Reengineering (BPR) Project Reviews 1 July 2004
G27 Mobile Computing 1 September 2004
G28 Computer Forensics 1 September 2004
G29 Post-implementation Review 1 January 2005
G30 Competence 1 June 2005
G31 Privacy 1 June 2005
G32 Business Continuity Plan (BCP) Review from IT Perspective 1 September 2005
G33 General Considerations on the Use of the Internet 1 March 2006
G34 Responsibility, Authority and Accountability 1 March 2006
G35 Follow-up Activities 1 March 2006
G36 Biometric Controls 1 February 2007
G37 Configuration Management Process 1 November 2007
G38 Access Controls 1 February 2008
G39 IT Organisation 1 May 2008
G40 Review of Security Management Practices 1 December 2008
G41 Return on Security Investment (ROSI) 1 May 2010
G42 Continuous Assurance 1 May 2010