Information Technology - The Institute of Internal Auditors

Information Technology Guidance and Resources

Check out the latest Global Technology Audit Guides (GTAGs)
NEW! Business Continuity Management
A good business continuity management (BCM) program is designed to enable business leaders to manage the level of risk the organization could encounter if a natural or man-made disruptive event were to occur. This guide includes disaster recovery planning for continuity of critical information technology infrastructure and business application systems. Business Continuity Management also will help the chief audit executive (CAE) communicate business continuity risk awareness and support management in its development and maintenance of a BCM program. Download this GTAG (Guide 10)

NEW! GTAG11: Developing the IT Audit Plan
Results from several IIA external quality assessment reviews reveal that developing an appropriate IT audit plan is one of the weakest links in internal audit activities. Developing the IT Audit Plan can help CAEs and internal auditors:

Understand the organization and how IT supports it.
Define and understand the IT environment.
Identify the role of risk assessments in determining the IT audit universe.
Formalize the annual IT audit plan.

This GTAG also provides an example of a hypothetical organization. Download this guide.

Explore the links in the right-hand column for more technology-related guidance.

IT Guidance News and Updates
IT Policy Compliance Group announces the availability of its 2008 annual research report
Titled "IT Governance, Risk and Compliance - Improving business results and mitigating financial risk," (PDF, 1.75MB) the report incorporates responses from more than 2,600 global organizations and measures the impact that improvements to data protection, regulatory compliance and IT service level resiliency have had on business results, including: customer satisfaction, customer retention, revenue, expenses and profits.

What is The IIA Doing Regarding Technology? presentation (PDF, 500KB). Get a brief overview of The IIA's Advanced Technology Committee and the guidance it oversees.

The 3rd IT Audit Research Symposium -- July 6, 2008, San Francisco, USA
The IIA Research Foundation and Advanced Technology Committee (ATC) conducted the 3rd IT audit research symposium on July 6 at San Francisco in conjunction with IIA's International Conference. The topics discussed this year were:

XBRL (eXtensible Business Reporting Language) , The Impact on Assurance, New Challenges for the Audit Profession
Fraud Interviewing Techniques for Internal Auditors
Applying usability testing to evaluate information technology control of in-house developed software application

In addition, the symposium also invited Kurt Milne from ITPI to present the research findings of his IT controls project, and Glen Gray to update the community on the status of his research project, "How internal auditors can improve the success rate of system development projects".
Read more about the 2008 symposium.

IT Audit Research Symposium 2007 (PDF, 12KB)
IT Audit Research Symposium 2006 (PDF, 230 KB)

Quick Search Advanced Search Site Map IIA Popular Pages About the Profession New Fraud Guidance Virtual Seminars CIA Preparation GTAG Series		Home / Professional Guidance / Information Technology Information Technology Guidance and Resources Check out the latest Global Technology Audit Guides (GTAGs) *NEW!* Business Continuity Management A good business continuity management (BCM) program is designed to enable business leaders to manage the level of risk the organization could encounter if a natural or man-made disruptive event were to occur. This guide includes disaster recovery planning for continuity of critical information technology infrastructure and business application systems. Business Continuity Management also will help the chief audit executive (CAE) communicate business continuity risk awareness and support management in its development and maintenance of a BCM program. Download this GTAG (Guide 10) NEW! GTAG11: Developing the IT Audit Plan Results from several IIA external quality assessment reviews reveal that developing an appropriate IT audit plan is one of the weakest links in internal audit activities. Developing the IT Audit Plan can help CAEs and internal auditors: Understand the organization and how IT supports it. Define and understand the IT environment. Identify the role of risk assessments in determining the IT audit universe. Formalize the annual IT audit plan. This GTAG also provides an example of a hypothetical organization. Download this guide. Explore the links in the right-hand column for more technology-related guidance. IT Guidance News and Updates IT Policy Compliance Group announces the availability of its 2008 annual research report Titled "IT Governance, Risk and Compliance - Improving business results and mitigating financial risk," (PDF, 1.75MB) the report incorporates responses from more than 2,600 global organizations and measures the impact that improvements to data protection, regulatory compliance and IT service level resiliency have had on business results, including: customer satisfaction, customer retention, revenue, expenses and profits. What is The IIA Doing Regarding Technology? presentation (PDF, 500KB). Get a brief overview of The IIA's Advanced Technology Committee and the guidance it oversees. The 3rd IT Audit Research Symposium -- July 6, 2008, San Francisco, USA The IIA Research Foundation and Advanced Technology Committee (ATC) conducted the 3rd IT audit research symposium on July 6 at San Francisco in conjunction with IIA's International Conference. The topics discussed this year were: XBRL (eXtensible Business Reporting Language) , The Impact on Assurance, New Challenges for the Audit Profession Fraud Interviewing Techniques for Internal Auditors Applying usability testing to evaluate information technology control of in-house developed software application In addition, the symposium also invited Kurt Milne from ITPI to present the research findings of his IT controls project, and Glen Gray to update the community on the status of his research project, "How internal auditors can improve the success rate of system development projects". Read more about the 2008 symposium. IT Audit Research Symposium 2007 (PDF, 12KB) IT Audit Research Symposium 2006 (PDF, 230 KB)		IT-related audit guidance GTAG Series Read and download the entire Global Technology Audit Guides^® (GTAG^®). GAIT Project Learn more about the The Guide to the Assessment of IT Risk (GAIT) series. Each practice guide addresses a specific aspect of IT risk and control assessments. Other IT Resources Review some of the latest IT resources available for IT auditing.