Auditing Insider Threat Programs

Global Practice Guide | Global Technology Audit Guide (GTAG) | Recommended | Issued and Effective | February 18, 2026

Copyright Notice: All content is protected by international copyright laws. You may reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that, other than for your own personal use, is strictly prohibited and may constitute a violation of copyright law, resulting in civil and criminal penalties. Contact copyright@theiia.org for permission to use our materials.

Global Practice Guide: Auditing Insider Threat Programs

Key risks associated with insider threats include sabotage, theft of organizational data, espionage, fraud, and criminal acts. Internal audit functions are well positioned to assess the effectiveness of insider threat programs and recommend potential enhancements to related governance, risk management, and control processes.

This GTAG offers a comprehensive examination of insider threats and related risks, providing an overview of threats, key risks, and potential impacts. Practical and easy-to-use tools help auditors get started.

The guidance replaces the 2018 edition.

Tools to use with this practice guide

Insider Threat Leading Practices
Insider Threat Assessment Using NIST Cybersecurity Framework