Skip to Content
Press Enter

Recommended Guidance

GTAG: Auditing IT Governance

September 10, 2021

Copyright Notice We are excited to share this publication with you. However, keep in mind that all content – including text, images, tables, and graphics – is protected by international copyright laws. You are welcome to reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that other than for your own personal use is strictly prohibited and may constitute a violation of copyright law resulting in civil and criminal penalties. If you would like to request permission to use our materials or have questions, please email copyright@theiia.org.
gtag-auditing-it-governance.png

The internal audit activity is uniquely positioned and staffed within an organization to assess whether the information technology governance of the organization supports the organization’s strategies and objectives and to make recommendations as needed.

Internal audits of IT governance should focus beyond the implementation of governance practices. Internal audit adds value to the organization by assessing the effectiveness of IT governance components, and providing assurance to stakeholders that principles and practices are followed and working as intended. Internal audit assessments will likely include activities such as:

  • Assessing the degree to which IT governance activities and standards are consistent with the internal audit activity’s understanding of the organization’s risk appetite.
  • Conducting consulting engagements as allowed by the audit charter and approved by the board.
  • Ongoing dialogue with senior management and the board to ensure that substantial organizational and risk changes are being addressed in a timely manner.

As the second edition of “Auditing IT Governance,” this GTAG has been updated to reflect the 2017 International Professional Practices Framework and to be more directly practical to internal auditors. This edition provides tools and techniques to help internal auditors build a work program and perform engagements involving IT governance.

The IIA

The Institute of Internal Auditors

Guidance

Global Practice Guide: Coordination and Reliance: Working with Other Assurance Providers

Guidance

Auditing Capital Adequacy and Stress Testing for Banks

Global Technology Audit Guides

GTAG: Auditing Cybersecurity Operations: Prevention and Detection, 2nd Edition

Global Technology Audit Guides

GTAG: Auditing Identity and Access Management, 2nd Edition

Learn about IIA programs and partners.

We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.