Practice Guides
Practice Guides provide detailed guidance for conducting internal audit activities. They include detailed processes and procedures, such as tools and techniques, programs, and step-by-step approaches, as well as examples of deliverables.

Practice Guides are restricted to IIA members only. Learn more about becoming a member.

Practice Guides
PG Category Title Release Date
PG Practice Guide Overview December
2011
PG Reliance by Internal Audit on Other Assurance Providers December
2011
PG Independence and Objectivity October 2011
PG Interaction With the Board  August 2011
PG Auditing the Control Environment April 2011
PG Assisting Small Internal Audit Activities in Implementing the  International standards for the Professional Practice of Internal Auditing April 2011
PG Assessing the Adequacy of Risk Management Dec. 2010
PG Measuring Internal Audit Effectiveness and Efficiency Dec. 2010
PG CAEs - Appointment, Performance Evaluation and Termination May 2010
PG Auditing Executive Compensation and Benefits April 2010
PG Evaluating Corporate Social Responsibility/Sustainable Development Feb. 2010
PG Formulating and Expressing Internal Audit Opinions April 2009
PG Auditing External Business Relationships May 2009
PG Internal Auditing and Fraud Dec. 2009
GTAG (Global Technology Audit Guide)
The Global Technology Audit Guides are written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security.
PG GTAG-16 Data Analysis Technologies Aug  2011
PG GTAG-15 Information Security Governance June 2010
PG GTAG-14 Auditing User-developed Applications June 2010
PG GTAG-13 Fraud Prevention and Detection in an Automated World Dec. 2009
PG GTAG-12 Auditing IT Projects Mar. 2009
PG GTAG-11 Developing the IT Audit Plan Jan. 2009
PG GTAG-10 Business Continuity Management Jan. 2009
PG GTAG-9 Identity and Access Management Jan. 2009
PG GTAG-8 Auditing Application Controls Jan. 2009
PG GTAG-7 Information Technology Outsourcing Jan. 2009
PG GTAG-6 Managing and Auditing IT Vulnerabilities Jan. 2009
PG GTAG-5 Managing and Auditing Privacy Risks Jan. 2009
PG GTAG-4 Management of IT Auditing Jan. 2009
PG GTAG-3 Continuous Auditing: Implications for Assurance,
Monitoring, and Risk Assessment		 Jan. 2009
PG GTAG-2 Change and Patch Management Controls:
Critical for Organizational Success		 Jan. 2009
PG GTAG-1 Information Technology Controls Jan. 2009
GAIT (Guide to the Assessment of IT Risk)
The GAIT series describes the relationships among business risk, key controls within business processes, automated controls and other critical IT functionality, and key controls within IT general controls. Each practice guide in the series addresses a specific aspect of IT risk and control assessments.
PG GAIT The GAIT Methodology Jan. 2009
PG GAIT GAIT for IT General Control Deficiency Assessment Jan. 2009
PG GAIT GAIT for Business and IT Risk Jan. 2009

 

 
© 2012 The Institute of Internal Auditors / 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA / +1-407-937-1100 / FAX +1-407-937-1101 • www.theiia.org