The Institute of Internal Auditors has released a series of free reports for chief internal audit executives and their staffs intended to provide guidance in assessing technology-associated risks and implementing best practices.
The Global Technology Audit Guide series offers non-technical guidance on analyzing, assessing and maintaining IT controls and discussing IT risk management strategies across the enterprise with senior management and audit committees.
The first GTAG, Information Technology Controls, provides an overview of the key components of IT control assessment with an emphasis on the roles and responsibilities for key constituents and provides a framework for assessing IT controls.
Future editions of the GTAG series will address topics such as assessing controls for change and patch management, continuous monitoring, and privacy.
The next guide, Change and Patch Management Controls: Critical for Organizational Success, will be available this summer and will provide guidance for evaluating and mitigating change-management risks, as well as complying with constantly changing regulatory requirements.
The material provided in the global series includes input from audit and security experts, board members, chief executives, financial executives, technology providers, and IT and security executives.
GTAG partners involved in the review process include the American Institute of CPAs, Center for Internet Security, Canadian Institute of Chartered Accountants, Carnegie Melon University Software Engineering Institute, International Federation of Accountants, Information Systems Security Association, National Association of Corporate Directors, and SANS Institute.The IT Controls GTAG and a pre-release draft of Change and Patch Management Controls GTAG are available at
