Recent rapid evolution in the technology space has led to significant shifts and new considerations for the audit profession as well. IT audit and assurance professionals can arm themselves with new tools to help them keep pace, including ISACA’s newly updated IT Audit Framework (ITAF): A Professional Practices Framework for IT Audit. The revamped 5th edition now incorporates updated terminology, refreshed examples, and expanded scope to better address emerging technologies, digital trust considerations, and evolving audit practices.
A longtime mainstay for audit and assurance professionals, ITAF was last updated in 2020. The comprehensive IT audit framework establishes standards that address IT audit and assurance practitioners’ roles and responsibilities, ethics, expected professional behavior, and required knowledge and skills; defines terms and concepts specific to IT audit and assurance; and provides guidance and techniques for the planning, performing and reporting of IT audit and assurance engagements.
ITAF, 5th Edition, enhances clarity, integrates ISACA’s newest resources, including AI audit guidance, and aims to support both traditional assurance functions and modern audit teams using data analytics, automation, agile methods, and AI. The new framework places greater emphasis on governance, transparency, and readiness for advanced technologies while providing more practical, flexible, and globally relevant guidance, including through:
- Modernization of content and scope: Updates terminology, definitions, and examples to reflect today’s technologies—such as cloud computing, AI/ML, and business automation—moving beyond the traditional IT control focus of the previous edition.
- Integration of digital trust and emerging technologies: Incorporates digital trust concepts throughout planning, fieldwork, and reporting, and adds guidance for AI/ML auditing aligned with ISACA’s AI audit guidance and the broader digital trust ecosystem.
- Increased flexibility, practicality, and usability: Introduces language suitable for organizations of all sizes, adds practical examples, and improves clarity through a modernized layout.
- Expanded audit practices and governance expectations: Broadens the scope of IT audit to include data analytics, agile auditing, continuous assurance, and AI governance, with enhanced expectations for transparency, ethical technology use, and oversight of automated systems.
This latest edition also includes an updated ITAF Companion Performance Guidelines 2208 that provides IT audit and assurance professionals with guidance in the design, selection, and evaluation of audit samples to obtain sufficient and appropriate evidence supporting audit conclusions. The updated guidelines better reflect data-driven and technology-enabled audit sampling approaches.
“As technology rapidly advances, it is essential for IT audit and assurance professionals to keep pace with changing tech and industry standards to ensure they are most effective in conducting engagements and ensuring their organizations comply with mandatory requirements,” said Mary Carmichael, Executive Advisor and Principal Director, Strategy and Risk at Momentum Technology, and the lead developer for ITAF, 5th edition. “The expanded and updated ITAF gives IT auditors a robust tool and trusted guidance for navigating today’s new challenges and ensuring trust in an increasingly complex and interconnected digital ecosystem.”
To access the complimentary ITAF, 5th Edition, visit https://store.isaca.org/s/store#/store/browse/detail/a2SVQ0000029jHh2AI/. Explore ISACA’s IT audit resources at https://www.isaca.org/resources/it-audit.
