Global Technology Audit Guide (GTAG)
Written in straightforward business language to address a timely issue related to IT management, control, and security, the GTAG series serves as a ready resource for chief audit executives on different technology-associated risks and recommended practices.
Information Technology Controls:
Topics discussed include IT control concepts, the importance of IT controls, the organizational roles and responsibilities for ensuring effective IT controls, and risk analysis and monitoring techniques.
Change and Patch Management Controls: Critical for Organizational Success
Describes sources of change and their likely impact on business objectives, as well as how change and patch management controls help manage IT risks and costs and what works and doesn’t work in practice.
Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
Addresses the role of continuous auditing in today’s internal audit environment; the relationship of continuous auditing, continuous monitoring, and continuous assurance; and the application and implementation of continuous auditing.
Management of IT Auditing:
Discusses IT-related risks and defines the IT audit universe, as well as how to execute and manage the IT audit process.
Managing and Auditing Privacy Risks:
Discusses global privacy principles and frameworks, privacy risk models and controls, the role of internal auditors, top 10 privacy questions to ask during the course of the audit, and more.
Managing and Auditing IT Vulnerabilities:
Among other topics, discusses the vulnerability management life cycle, the scope of a vulnerability management audit, and metrics to measure vulnerability management practices.
Information Technology Outsourcing:
Discusses how to choose the right IT outsourcing vendor and key outsourcing control considerations from the client’s and service provider’s operation.
Auditing Application Controls:
Addresses the concept of application control and its relationship with general controls, as well as how to scope a risk-based application control review.
Identity and Access Management:
Covers key concepts surrounding identity and access management (IAM), risks associated with IAM process, detailed guidance on how to audit IAM processes, and a sample checklist for auditors.
Business Continuity Management:
Defines business continuity management (BCM), discusses business risk, and includes a detailed discussion of BCM program requirements.
Developing the IT Audit Plan:
Provides step-by-step guidance on how to develop an IT audit plan, from understanding the business, defining the IT audit universe, and performing a risk assessment, to formalizing the IT audit plan.
Auditing IT Projects:
Provides an overview of techniques for effectively engaging with project teams and management to assess the risks related to IT projects.
Visit The IIA’s Web site at www.theiia.org/technology to download the entire series.