Practice Guides
Practice Guides provide detailed guidance for conducting internal audit activities. They include detailed processes and procedures, such as tools and techniques, programs, and step-by-step approaches, as well as examples of deliverables.
Practice Guides are available as a members-only resource or can be purchased as part of the International Professional Practices Framework (IPPF) from the IIA's Bookstore.
Current Practice Guides
Global Technology Audit Guide (GTAG®) 04: Management of IT Auditing (336 KB)
| 01-Jan-2009 | Practice Guide | IIA Global | Access: All Members |
IT is changing the nature of the internal audit function. As new risks emerge, new audit procedures are required to manage these risks adequately. This global technology audit guide aims to help CAEs plan and manage the IT audit function more effectively and efficiently and covers areas such as evaluating IT-related risks, defining the IT audit universe, executing IT audits, and managing the IT audit function.
Global Technology Audit Guide (GTAG®) 05: Managing and Auditing Privacy Risks (1.23 MB)
| 01-Jan-2009 | Practice Guide | IIA Global | Access: All Members |
This global technology audit guide is intended to provide the CAE, internal auditors, and management with insight into privacy risks that the organisation should address when it collects, uses, retains, or discloses personal information. This guide provides an overview of key privacy frameworks to help readers understand the basic concepts and find the right sources for more guidance regarding expectations and what works well in a variety of environments. It also covers how internal auditors complete privacy assessments.
Global Technology Audit Guide (GTAG®) 06: Managing and Auditing IT Vulnerabilities (631 KB)
| 01-Jan-2009 | Practice Guide | IIA Global | Access: All Members |
This global technology audit guide aims to help CAEs pose the correct questions to their IT security staff when assessing the effectiveness of their vulnerability management processes. The guide recommends specific management practices to help an organisation achieve and sustain higher levels of effectiveness and efficiency and illustrates the differences between high- and low-performing vulnerability management efforts.
Global Technology Audit Guide (GTAG®) 07: Information Technology Outsourcing (909 KB)
| 01-Jan-2009 | Practice Guide | IIA Global | Access: All Members |
This global technology audit guide provides the CAE, internal auditors, and management with information on the types of IT outsourcing activities, the IT outsourcing lifecycle, and how outsourcing activities should be managed by implementing well-defined plans that are supported by a companywide risk, control, compliance, and governance framework.
Global Technology Audit Guide (GTAG®) 08: Auditing Application Controls (1.65 MB)
| 01-Jan-2009 | Practice Guide | IIA Global | Access: All Members |
This global technology audit guide provides CAEs with information about application controls and their benefits, application control review scoping and approaches, and other considerations. The guide also includes a list of common application controls and a sample audit plan.
Global Technology Audit Guide (GTAG®) 09: Identity and Access Management (1 MB)
| 01-Jan-2009 | Practice Guide | IIA Global | Access: All Members |
This global technology audit guide aims to provide insight into what identity and access management (IAM) means to an organisation and to suggest internal audit areas for investigation. It can assist CAEs and other internal auditors to understand, analyze, and monitor their organisation's IAM processes. A checklist for IAM review is also included in this guide.
Global Technology Audit Guide (GTAG®) 10: Business Continuity Management (1.6 MB)
| 01-Jan-2009 | Practice Guide | IIA Global | Access: All Members |
This global technology audit guide focuses on how business continuity management (BCM), as a program or framework, is designed to enable business leaders to manage the level of risk the organisation could potentially encounter if a natural or man-made disruptive event that affects the extended operability of the organisation were to occur. The guide includes disaster recovery planning (DRP) for continuity of critical information technology infrastructure and business application systems, because many business functions are predominately automated. This will help the CAE establish the basis for exercising an effective assessment and reporting key information to stakeholders.