|
ITAFTM consists of compliance and good practice setting guidance:
- Provides guidance on the design, conduct and reporting of IT audit and assurance assignments
- Defines terms and concepts specific to IT assurance
-
Establishes standards that address IT audit and assurance professional roles and responsibilities, knowledge, skills and diligence, conduct, and reporting requirements
ITAF provides a single source through which IT audit and assurance professionals can seek guidance, research policies and procedures, obtain audit and assurance programmes and develop effective reports.
While ITAF incorporates existing ISACA standards and guidance, it has been designed to be a living document. As new guidance is developed and issued, it will be indexed within the framework and made available to ISACA members and the public. To date, all current ISACA guidance has been mapped to the framework.
ITAF applies to individuals who act in the capacity of IT assurance professionals and are engaged in providing assurance over some components of IT systems, applications and infrastructure. However, we have taken care to design these standards, guidelines, and IT audit and assurance procedures in a manner that may also be useful, and provide benefits to, a wider audience, including users of IT audit and assurance reports.
The application of the framework is a prerequisite to conducting assurance work. The standards are mandatory while guidelines, tools and techniques are designed to provide non-mandatory assistance in performing assurance work and additional detail to support compliance with standards.
ITAF’s design recognizes that IT assurance professionals are faced with different requirements and different types of audit and assurance assignments — ranging from leading an IT-focused audit to contributing to a financial or operational audit. ITAF is applicable to any formal audit or assessment engagement.
|
