Guide to the Assessment of IT Risk (GAIT)

The Guide to the Assessment of IT Risk (GAIT) series describes the relationships among risk to the financial statements, key controls within business processes, automated controls and other critical IT functionality, and key controls within IT general controls (ITGC).

Each practice guide in the series addresses a specific aspect of IT risk and control assessments:

• The GAIT Methodology: a risk-based approach to assessing the scope of IT general controls
• GAIT for IT General Control Deficiency Assessment: an approach for evaluating whether any ITGC deficiencies identified during Section 404 assessments represent material weaknesses or significant deficiencies
• GAIT for Business and IT Risk: guidance for helping identify the IT controls that are critical to achieving business goals and objectives
  • Case Studies of Using GAIT-R to Scope PCI Compliance: Following the GAIT-R principles and methodology, this paper provides two case studies of applying GAIT-R to PCI compliance. (PDF, 400KB)

The guidance is offered free and available for download. Click the links above to go to the pages where you can learn more about the guides and to download them.