Recommended Guidance
Supplemental Guidance provides detailed guidance for conducting internal audit activities.
These include topical areas, sector-specific issues, as well as processes and procedures, tools
and techniques, programs, step-by-step approaches, and examples of deliverables.
Effective with the July 2015 launch of the New IPPF, all Practice Guides, Global Technology
Audit Guides (GTAGs), and Guides to the Assessment of IT Risks (GAIT) automatically
become part of the Recommended Supplemental Guidance layer.
GTAGs are written in straightforward business language and address timely issues related to
information technology (IT) management, control, and security.
Title Date
NEW GTAG! Assessing Cybersecurity Risk: Roles of the Three Lines of Defense September 2016
NEW GTAG! Auditing Smart Devices: An Internal Auditor's Guide to Understanding and Auditing Smart Devices August 2016
GTAG 17: Auditing IT Governance July 2012
GTAG 16: Data Analysis Technologies August 2011
GTAG 15: Information Security Governance June 2010
GTAG 14: Auditing User-developed Applications June 2010
GTAG 13: Fraud Prevention and Detection in an Automated World December 2009
GTAG 12: Auditing IT Projects March 2009
GTAG 11: Developing the IT Audit Plan January 2009
GTAG 10: Business Continuity Management January 2009
GTAG 9: Identity and Access Management January 2009
GTAG 8: Auditing Application Controls January 2009
GTAG 7: Information Technology Outsourcing, 2nd Edition June 2012
GTAG 6: Managing and Auditing IT Vulnerabilities January 2013
DELETED. PLEASE NOTE: GTAG 6 has been deleted from the IPPF. Some of its concepts are combined with the 2nd edition of GTAG 4.
GTAG 5: Managing and Auditing Privacy Risks July 2012
REPLACED. PLEASE NOTE: GTAG 5 has been replaced by the Auditing Privacy Risks, 2nd Edition Practice Guide.
GTAG 4: Management of IT Auditing, 2nd Edition January 2013
GTAG 3: Continuous Auditing: Coordinating Continuous Auditing and Monitoring to Provide Continuous Assurance, 2nd Edition March 2015
GTAG 2: Change and Patch Management Controls: Critical for Organizational Success, 2nd Edition March 2012
GTAG 1: Information Technology Risk and Controls, 2nd Edition March 2012
The GAIT series of Practice Guides describes the relationships among business risk, key controls within business processes,
automated controls and other critical IT functionality, and key controls within IT general controls. Each guide addresses a
specific aspect of IT risk and control assessment.
Title Date
GAIT Methodology January 2009
GAIT for IT General Control Deficiency Assessment January 2009
GAIT for Business and IT Risk January 2009
Case Studies of Using GAIT for Business and IT Risk to Scope PCI Compliance
Following the GAIT-R principles and methodology, this paper provides two case studies of
applying GAIT-R to PCI compliance.