GTAG: Auditing Identity and Access Management, 2nd Edition
Deccember 12, 2024
Copyright Notice We are excited to share this publication with you. However, keep in mind that all content – including text, images, tables, and graphics – is protected by international copyright laws. You are welcome to reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that other than for your own personal use is strictly prohibited and may constitute a violation of copyright law resulting in civil and criminal penalties. If you would like to request permission to use our materials or have questions, please email copyright@theiia.org.
Identity and access management controls safeguard the confidentiality and integrity of systems and data by restricting users to only the rights needed to fulfill authorized actions.
This guide, now updated to align with the Global Internal Audit StandardsTM, helps internal auditors understand key terms and how to approach an audit engagement to ensure their organization’s IAM protocols mitigate potential security risks. Internal auditors will be able to provide assurance that controls for managing access to IT resources are well designed and effectively implemented.
This guidance supersedes the previous edition published in 2021.