Updated framework addresses IT audit ethics and objectivity


Wednesday, 28 October, 2020

Updated framework addresses IT audit ethics and objectivity

Non-profit tech association ISACA has released the fourth edition of its Information Technology Audit Framework (ITAF), with updated guidance and professional standards. A companion white paper and sampling guide have also been released. Previous editions of ISACA’s ITAF have provided guidance for IT audit and assurance professionals, to help them perform effective audit reports.

The framework’s guidelines focus on planning, testing and reporting on IT processes, controls and related IT audit or assurance initiatives, and can support alignment of IT audit engagements with enterprise objectives and initiatives.

The latest edition establishes standards that address IT audit and assurance practitioners’ roles and responsibilities, ethics, professional and personal conduct, and required knowledge and skills. ITAF also defines terms and concepts specific for IT audit and assurance, and provides guidance for the planning, performance and reporting of IT audit and assurance engagements.

Relevant to Certified Information Systems Auditor (CISA) certification holders, ITAF is applicable to IT audits or assessment engagements, regardless of whether they are for an IT-related audit, or one that is financial, compliance-related or operational.

“IT auditors find themselves increasingly being asked to not only conduct audits, but also to advise or consult enterprises on implementing technologies, which can raise concerns around objectivity and independence,” said Mais Barouqa, Manager of IT Risk and Assurance, Deloitte. Barouqa added that ITAF provides standards and guidance that support IT auditors in performing different types of audit and advisory functions.

The fourth edition of ITAF has been updated to align with the steps of the audit process, including incorporation of more IT-specific guidance and examples, and emphasis on risk assessment during the audit planning phase to provide guidance that is applicable to the audit process.

ITAF also provides updated auditor objectivity content that is concise and easy to reference, with a format change to make the Framework more user friendly.

Nader Qaimari, ISACA Chief Product Officer, said launching the updated edition of ITAF is part of a commitment to ensure the IT audit profession has relevant and meaningful tools to drive excellence in IT audit at the enterprise level.

“ISACA is proud to provide information systems and IT professionals with the globally accepted best practices, guidance and frameworks that support and elevate them in their work,” said Qaimari.

The accompanying white paper, An ITAF Approach to IT Audit Advisory Services, explores the history and current landscape influencing auditors, as well as the challenges they can face around independence and objectivity.

The ITAF Companion Performance Guidelines provide guidance to IT audit and assurance practitioners in designing and selecting an audit sample and evaluating sample results. Appropriate sampling and evaluation help to achieve the requirements of sufficient and appropriate evidence.

Image credit: ©stock.adobe.com/au/Vitalii Vodolazskyi

Related News

Queensland Rugby League invests in TechnologyOne SaaS solution

Queensland Rugby League has invested in OneCorporate, a new enterprise software solution from...

EFTPOS launches eQR, eComm APIs

EFTPOS has announced the availability of new APIs to enable Australian fintechs to create...

ACCC approves eftpos, BPAY, NPP merger

The ACCC has authorised the proposed merger of eftpos with BPAY Group Holding and NPP Australia,...


  • All content Copyright © 2021 Westwick-Farrow Pty Ltd