Standards & Guidance — International Professional Practices Framework (IPPF)®
The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal Auditors. A trustworthy, global, guidance-setting body, The IIA provides internal audit professionals worldwide with authoritative guidance organized in the IPPF as
mandatory guidance and recommended guidance.
NEW! Global Technology Audit Guide: Auditing Identity and Access Management
Identity and access management covers the policies, processes, and tools for ensuring users have appropriate access to IT resources.
The “Auditing Identity and Access Management” GTAG will help internal auditors understand key terms and how to approach an audit to ensure their organization’s IAM protocols help mitigate potential security and regulatory risks. This knowledge will help internal auditors provide assurance that controls for managing access to IT resources are well designed and effectively implemented.
This guidance will enable internal auditors to understand:
- IAM and develop a working knowledge of relevant processes, including related governance and security controls.
- Risks and opportunities associated with IAM.
- Components of the IAM process, including provisioning IDs, administering and authorizing access rights, and maintaining enforcement through authentication, reauthorization reviews, and automated account deactivation processes.
- Some of the considerations and strategies for implementing IAM controls.
- The basics of auditing IAM, including specific controls that should be evaluated.
Nonmembers may purchase Supplemental Guidance by visiting the IIA Bookstore.
Standards for auditing establish the general specifications that define the essential attributes required for a quality audit. They include the characteristics that should be met in planning, conducting, and reporting an audit, providing a basis for ensuring audit quality.
The IIA and the Government Accountability Office (GAO) are both recognized nationally and internationally as leaders in promoting high-quality audit work. Respectively, these organizations have promulgated the
International Professional Practices Framework (IPPF) and Generally Accepted Government Auditing Standards, the two most commonly used sets of standards for public sector auditing in the United States. References to these standards are available below.
The PSAC is committed to providing members with the latest, most relevant guidance and resources for auditors in the public sector and many other resources are consolidated for quick access below.
International Professional Practices Framework (IPPF)
The IPPF is the conceptual framework that organizes authoritative guidance promulgated by The IIA. A trustworthy, global, guidance-setting body, The IIA provides internal audit professionals worldwide with authoritative guidance organized in the IPPF as
mandatory guidance and
Generally Accepted Government Auditing Standards (GAGAS)
GAGAS — often referred to as Yellow Book — provides a framework for conducting high-quality audits with competence, integrity, objectivity, and independence.
The IIA has developed a guide that compares and contrasts these two guiding documents:
International Standards for the Professional Practice of Internal Auditing / Government Accountability Office / Government Audit Standards (GAGAS), A Comparison, 2nd Edition). Called the Red/Yellow book, it identifies the differences between the two and offers suggestions for organizations that follow both.
Other Standards That May Apply to Government Audit Organizations
There are other sets of standards set by internationally-based organizations that may apply to public sector auditors in the United States. These include the
International Standards of Supreme Audit Institutions (ISSAIs) set by the International Organisation of Supreme Audit Institutions (INTOSAI) and the
International Standards on Auditing (ISA) set by the International Auditing and Assurance Standards Board (IAASB) under the authority of the International Federation of Accountants (IFAC).