Updated framework addresses IT audit ethics and objectivity

Non-profit tech association ISACA has released the fourth edition of its Information Technology Audit Framework (ITAF), with updated guidance and professional standards. A companion white paper and sampling guide have also been released. Previous editions of ISACA’s ITAF have provided guidance for IT audit and assurance professionals, to help them perform effective audit reports.

The framework’s guidelines focus on planning, testing and reporting on IT processes, controls and related IT audit or assurance initiatives, and can support alignment of IT audit engagements with enterprise objectives and initiatives.

The latest edition establishes standards that address IT audit and assurance practitioners’ roles and responsibilities, ethics, professional and personal conduct, and required knowledge and skills. ITAF also defines terms and concepts specific for IT audit and assurance, and provides guidance for the planning, performance and reporting of IT audit and assurance engagements.

Relevant to Certified Information Systems Auditor (CISA) certification holders, ITAF is applicable to IT audits or assessment engagements, regardless of whether they are for an IT-related audit, or one that is financial, compliance-related or operational.

“IT auditors find themselves increasingly being asked to not only conduct audits, but also to advise or consult enterprises on implementing technologies, which can raise concerns around objectivity and independence,” said Mais Barouqa, Manager of IT Risk and Assurance, Deloitte. Barouqa added that ITAF provides standards and guidance that support IT auditors in performing different types of audit and advisory functions.

The fourth edition of ITAF has been updated to align with the steps of the audit process, including incorporation of more IT-specific guidance and examples, and emphasis on risk assessment during the audit planning phase to provide guidance that is applicable to the audit process.

ITAF also provides updated auditor objectivity content that is concise and easy to reference, with a format change to make the Framework more user friendly.

Nader Qaimari, ISACA Chief Product Officer, said launching the updated edition of ITAF is part of a commitment to ensure the IT audit profession has relevant and meaningful tools to drive excellence in IT audit at the enterprise level.

“ISACA is proud to provide information systems and IT professionals with the globally accepted best practices, guidance and frameworks that support and elevate them in their work,” said Qaimari.

The accompanying white paper, An ITAF Approach to IT Audit Advisory Services, explores the history and current landscape influencing auditors, as well as the challenges they can face around independence and objectivity.

The ITAF Companion Performance Guidelines provide guidance to IT audit and assurance practitioners in designing and selecting an audit sample and evaluating sample results. Appropriate sampling and evaluation help to achieve the requirements of sufficient and appropriate evidence.

Image credit: ©stock.adobe.com/au/Vitalii Vodolazskyi