Standards contain statements of mandatory requirements for IS audit and assurance. They inform:
- IS audit and assurance professionals of the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics.
- Management and other interested parties of the profession's expectations concerning the work of practitioners
- Holders of the Certified Information Systems Auditor (CISA) designation of their requirements. Failure to comply with these standards may result in an investigation into the CISA holder's conduct by the ISACA Board of Directors or appropriate ISACA committee and, ultimately, in disciplinary action.
View Standards >>
The objective of the IS Audit and Assurance Guidelines is to provide guidance and additional information on how to comply with the IS Audit and Assurance Standards. The IS audit and assurance professional should consider these guidelines when implementing, applying and justifying any departure from the standards.
View Guidelines >>
Tools and Techniques
The tools and techniques provide additional guidance, but do not set requirements. Available Tools and Techniques include:
Audit Knowledge Community
ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business. COBIT is available for download.
A glossary of terms is available. The words audit and review are used interchangeably in the IS Audit and Assurance Standards and Guidelines.
The complete set of current standards and guidelines for IS audit and assurance Professionals is contained in ITAF.
If you have questions about Standards publications and ongoing research, please contact:
Disclaimer: ISACA has designed this guidance to describe the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics. ISACA makes no claim that use of this product will assure a successful outcome. The publication should not be considered inclusive of any proper procedures and tests or exclusive of other procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific procedure or test, controls professionals should apply their own professional judgement to the specific control circumstances presented by the particular systems or IS environment.