IT Assurance Services Guidance 

    The guidance set forth here gives the CPA direction and best practices for improving information quality and managing information risk, in support of independent, professional opinions that improve the quality of information given to management and other decision makers within an organization.


    GTAG 2: Change and Patch Management Controls: Critical for Organizational Success
    Posted with permission by The Institute of Internal Auditors, this guide addresses the areas that are impacted by changes to the IT infrastructure. It also provides guidance on how to communicate to the board the risks and controls identified and how to help the organization stay abreast of the continual changes in regulatory requirements.

    GTAG 4: Management of IT Auditing
    Posted with permission by The Institute of Internal Auditors, GTAG 4: Management of IT Auditing covers how to define IT strategy, evaluate IT-related risk, execute IT audits, manage the IT audit function and features some of the emerging issues affecting this area.

    GTAG 8: Auditing Application Controls
    GTAG 8 attempts to bridge the gap between internal auditors and technologists through this comprehensive guide that breaks down the various risks associated with application controls and how internal auditing can help to mitigate those risks.

    GTAG 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
    This document provides guidance for CAEs on how to implement an ideal strategy combining continuous auditing and continuous monitoring solutions to address these challenges.

    GTAG 7: Information Technology Outsourcing
    IT outsourcing is often defined as the use of service providers or vendors to create, maintain, or reengineer a company’s IT architecture and systems. Although this definition is deceptively simple, it encompasses a wide range of outsourcing activities.

    GTAG 11: Developing the IT Audit Plan
    As technology becomes more integral to the organization’s operations and activities, a major challenge for internal auditors is how to best approach a company-wide assessment of IT risks and controls within the scope of their overall assurance and consulting services.

    GAIT Principles

    The GAIT Principles
    Each organization can use these principles in developing a more detailed process for defining the scope of their IT general controls.

    The GAIT Methodology: A risk-based approach to assessing the scope of IT General Controls
    A guide to assessing the scope of IT General Controls using a top-down and risk-based approach. The GAIT Methodology is based on The GAIT Principles, also published by The Institute of Internal Auditors.

    GAIT for Business and IT Risk

    GAIT for Business and IT Risk (GAIT-R) is a methodology for identifying all the key controls that are critical to achieving business goals and objectives.

    Additional Resources

    Institute of Internal Auditors
    The Institute of Internal Auditors (IIA) is an international professional association that offers certification, education, research, and technological guidance for internal auditors.

    ISACA is a global organization for information governance, control, security and audit professionals. It offers IS auditing and IS control standards.

    Public Company Accounting Oversight Board
    The PCAOB is a private-sector, non-profit corporation, created by the Sarbanes-Oxley Act of 2002, to oversee the auditors of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports.

    Copyright © 2006-2015 American Institute of CPAs.