Many professionals engaged in IT audit and assurance have long relied on the only set of guidelines when issuing audit reports, that is, the Information Technology Audit Framework (ITAF) issued by the international non-profit technology organization ISACA. At present, ISACA has released the fourth edition of ITAF, updated the corresponding guidelines and professional standards, and issued the white paper “Using ITAF to Provide IT Audit Consulting Services” and a sampling guide “ITAF Manual Implementation Guide 2208: Information Technology Audit Sampling”.
ITAF was last updated in 2014 and has established the following standards:
Clarify the roles and responsibilities, professional norms, professional and personal behaviors, required knowledge and technology of IT audit and assurance practitioners;
Define the special terms and concepts in IT audit and assurance;
Provide guidance and technical means for the planning, implementation and reporting of IT audit and assurance;
The fourth edition of ITAF updated this time mainly unifies the audit process, including:
Add more IT professional guides and cases Emphasize the importance of risk assessment in the audit planning stage, and provide employees with guidance that can be directly applied to the audit process
Update the objective content of auditors to make it more concise and referential Adjust the format to make ITAF easier to use Reviewed by global large enterprise audit experts, the guidelines of the framework mainly focus on the planning, testing and reporting of IT processes, controls and related IT audit or assurance, and help it audit be consistent with enterprise objectives and plans. For practitioners with a registered Information Systems Auditor (CISA) certificate, ITAF can be applied to any IT audit or evaluation, whether it related audit, financial, compliance or operational audit.
Nader Qaimari, chief product officer of ISACA cisa certification cost, said: “ISACA is honored to provide globally recognized best practices, guidelines and frameworks for information systems and IT practitioners, and provide support and improvement in their work. The release of the latest version of ITAF is also the realization of ISACA ’s long-term commitment to help IT auditors obtain the most relevant and valuable tools and knowledge and optimize IT audit at the global enterprise level and related fields.”
The newly released white paper “Using ITAF to Provide IT Audit Consulting Services” discusses the historical and current environment affecting auditors, as well as the challenges faced in terms of independence and objectivity, and how ITAF can provide solutions to these challenges.
Mais Marouqa is an IT risk and assurance manager of Deloitte and participated in the review of the new version of ITAF. “IT auditors are finding that more and more people are asking them not only to perform audits, but also to provide advice and advice to enterprises in the implementation of technology, which interferes with objectivity and independence. ITAF provides corresponding standards and guidance to help IT auditors perform different types of audits and advice more efficiently, comprehensively and in compliance,” Mais said.
ISACA ’s “ITAF Manual Implementation Guide 2208: Information Technology Audit Sampling” provides guidance for IT audit and assurance practitioners on audit sample design, sample selection and sample result evaluation. Reasonable sampling and evaluation can help to obtain sufficient and appropriate evidence to meet the corresponding requirements.