Guide to the Assessment of IT Risk (GAIT)
The GAIT series describes the relationships among business risk, key controls within business processes, automated controls and other critical IT functionality, and key controls within IT general controls. Each practice guide in the series addresses a specific aspect of IT risk and control assessments. 

GAIT Practice Guides include

  • The GAIT Methodology PG: a risk-based approach to assessing the scope of IT general controls as part of management’s assessment of internal control required by Section 404 of the Sarbanes-Oxley Act

  • GAIT for IT General Control Deficiency Assessment PG: an approach for evaluating whether any ITGC deficiencies identified during Section 404 assessments represent material weaknesses or significant deficiencies

  • GAIT for Business and IT Risk PG: : guidance for helping identify the IT controls that are critical to achieving business goals and objectives   


© 2015 The Institute of Internal Auditors / 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA / +1-407-937-1100 / FAX +1-407-937-1101 •