Guide 5: Managing and Auditing Privacy Risks
One of the many challenging and formidable risk management issues organizations face today is protecting the privacy of customers' and employees' personal information. The cost of privacy breaches is increasing every day. The organization's customers, suppliers, and business partners want assurances that the personal information collected from them is protected and used only for the purposes for which it was originally collected.

Global Technology Audit Guide (GTAG®) 5: Managing and Auditing Privacy Risks is intended to provide the chief audit executive (CAE), internal auditors, and management with insight into the privacy risks that the organization should address when it collects, uses, retains, or discloses personal information. This guide provides an overview of key privacy frameworks, which help readers understand the basic concepts and find the right sources for more guidance regarding expectations and what works well in a variety of environments. It also covers in detail how internal auditors complete privacy assessments.

Privacy, from the consumers' and employees' point of view, is about keeping a promise. It's about:

  • Gathering the minimal amount of personal information necessary to provide a product or service.
  • Protecting personal information against unauthorized view or use.
  • Sharing personal information in accordance with the organization's privacy policy.
  • Disposing of personal information in a safe manner.

Here is the outline of the guide.

  • What is Privacy?
  • Privacy Principles and Frameworks
  • Privacy Risk Management
  • Privacy and Business
  • Auditing Privacy
  • Top 10 Privacy Questions CAEs Should Ask

Authors: Ulrich Hahn, Ph.D., Switzerland/Germany
Ken Askelson, JCPenney, USA
Robert Stiles, Texas Guaranteed (TG), USA


The Institute of Internal Auditors • 247 Maitland Avenue • Altamonte Springs, Florida 32701-4201 USA
+1-407-937-1100 • Fax +1-407-937-1101 • www.theiia.org • Copyright 2008