This GTAG helps chief audit executives (CAEs) and their teams keep pace with the ever-changing and sometimes complex world of information technology (IT). By providing an overview of IT-related risks and controls written in a reader-friendly style for business executives, rather than the highly technical language, both senior management and the audit committee have an expectation that the internal audit activity will provide assurance around all important risks. The GTAG series helps the CAE and internal auditors become more knowledgeable of the risk, control, and governance issues surrounding technology.
The goal of the first GTAG is to help internal auditors become more comfortable with general IT controls so they can confidently communicate with their audit committee and exchange risk and control ideas with the chief information officer (CIO) and IT management. This GTAG describes how members of governing bodies, executives, IT professionals, and internal auditors address significant IT-related risk and control issues and presents relevant frameworks for assessing IT risk and controls. Moreover, it sets the stage for subsequent GTAGs that cover specific IT topics and associated business roles and responsibilities in greater detail.