GTAG 1: Information Technology Controls
Download (members only): English (PDF, 1.8MB); Spanish (440KB); French (1.3MB)
Purchase from The IIA Research Foundation Bookstore

The first GTAG, Information Technology Controls, covers technology topics, issues, and audit concerns as well as issues surrounding management, security, control, assurance, and risk management.

The IT controls guide provides:

  • Guidance on IT topics impacting the organization's control and audit practices.
  • Approaches to security, control, auditing, and assurance.
  • Guidance on compliance with relevant legislation and regulations.
  • Topical material for CAEs' discussions with executives and management.
  • Executive summaries addressing concerns of governance and chief-level executives.
  • Key elements for audit reviews, assessments, and assurance.

TABLE OF CONTENTS
Section 1: Letter from the President
Section 2: IT Controls - Executive Summary
Section 3: Introduction
Section 4: Assessing IT Controls - An Overview
Section 5: Understanding IT Controls
Section 6: Importance of IT Controls
Section 7: IT Roles in the Organization
Section 8: Analyzing Risk
Section 9: Monitoring and Techniques
Section 10: Assessment
Section 11: Conclusion
Section 12: Appendix A - Information Security Program Elements
Section 13: Appendix B - Compliance With Laws and Regulations
Section 14: Appendix C - Three Categories of IT Knowledge for Internal Auditors
Section 15: Appendix D - Compliance Frameworks
Section 16: Appendix E - Assessing IT Controls Using COSO
Section 17: Appendix F - ITGI Control Objectives for Information and Related Technology (CobiT)
Section 18: Appendix G - Example IT Control Metrics to Be Considered by Audit Committees
Section 19: Appendix H - CAE Checklist
Section 20: Appendix I - References
Section 21: Appendix J - Glossary

Authors
David Richards, CIA, President, The IIA
Charles Le Grand, CIA, CHL Global
Alan Oliphant, MIIA, QiCA, MAIR International

Questions about this guide for the authors? E-mail guidance@theiia.org.

A Norwegian translation is available by contacting IIA Norway.

Training in relation to this GTAG
The IIA also offers training either on site at your location or as part of our seminars program. To find out more, go to Introduction to IT Auditing (IIA/Deloitte) and also Information Security Concepts (IIA/Deloitte).

 
© 2012 The Institute of Internal Auditors / 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA / +1-407-937-1100 / FAX +1-407-937-1101 • www.theiia.org