GAIT for Business and IT Risk - Download PDF
- Item No. : 2028.dl
- Publisher : The Institute of Internal Auditors
- Publish Date : March 2008
- Media : Download
- Page count : 22
- Member Price : $0.00
- Non-Member Price : $25.00
This GAIT is provided as a service to members of The IIA.
Learn more about the value of an IIA Membership. What is it?
GAIT for Business and IT Risk, or GAIT-R, focuses on identifying the key controls that are essential to achieving business goals and objectives.
Learn more about the value of an IIA Membership.
What is it?
Who is it for?
GAIT-R was developed primarily for internal audit practitioners. It also can be used by IT governance and security managers or those who are charged with designing and managing IT risks within their organizations.
How can it help you?
GAIT-R improves the efficiency and effectiveness of internal audit functions by enabling a focus on business risk and minimizing attention to IT risks that are not critical to the organization. It enables chief audit executives (CAEs) to provide assurance on business risk with the comfort that IT-related issues are given the appropriate level of consideration.
Similarly to the other practice guides in the GAIT series, the GAIT-R methodology is built around a set of principles:
1. The failure of technology is only a risk that needs to be assessed, managed, and audited if it represents a risk to the business.
2. Key controls should be identified as the result of a top-down assessment of business risks, risk tolerance, and the controls - including automated controls and IT general controls (ITGCs) - required to manage or mitigate business risk.
3. Business risks are mitigated by a combination of manual and automated key controls. To assess the system of internal control to manage or mitigate business risks, key automated controls need to be assessed.