ISACA (Information Systems Audit and Control Association) has released the fifth edition of the IT Audit Framework (ITAF): A Professional Practices Framework for IT Audit, which now incorporates updated terminology, refreshed examples, and expanded scope to better address emerging technologies, digital trust considerations, and evolving audit practices.
Last updated in 2020, the comprehensive ITAF establishes standards that address IT audit and assurance practitioners’ roles and responsibilities, ethics, expected professional behavior, and required knowledge and skills; defines terms and concepts specific to IT audit and assurance; and provides guidance and techniques for the planning, performing, and reporting of IT audit and assurance engagements.
The latest edition of the ITAF also enhances clarity; integrates ISACA’s newest resources, including artificial intelligence audit guidance; and aims to support both traditional assurance functions and modern audit teams using data analytics, automation, agile methods, and AI, the Schaumburg, IL-based organization says.
Recommended Articles
The new framework places greater emphasis on governance, transparency, and readiness for advanced technologies while providing more practical, flexible, and globally relevant guidance, including through:
- Modernization of content and scope: The fifth edition updates terminology, definitions, and examples to reflect today’s technologies—such as cloud computing, AI/machine learning, and business automation—moving beyond the traditional IT control focus of the previous edition.
- Integration of digital trust and emerging technologies: The new framework incorporates digital trust concepts throughout planning, fieldwork, and reporting, and adds guidance for AI/ML auditing aligned with ISACA’s AI audit guidance and the broader digital trust ecosystem.
- Increased flexibility, practicality, and usability: This updated edition introduces language suitable for organizations of all sizes, adds practical examples, and improves clarity through a modernized layout.
- Expanded audit practices and governance expectations: The new version broadens the scope of IT audit to include data analytics, agile auditing, continuous assurance, and AI governance, with enhanced expectations for transparency, ethical technology use, and oversight of automated systems.
This latest edition of ITAF also includes an updated ITAF Companion Performance Guidelines 2208: Information Technology Audit Sampling that provides IT audit and assurance professionals with guidance in the design, selection, and evaluation of audit samples to obtain sufficient and appropriate evidence supporting audit conclusions. The updated guidelines better reflect data-driven and technology-enabled audit sampling approaches, the ISACA says.
“As technology rapidly advances, it is essential for IT audit and assurance professionals to keep pace with changing tech and industry standards to ensure they are most effective in conducting engagements and ensuring their organizations comply with mandatory requirements,” Mary Carmichael, executive advisor and principal director of strategy and risk at Momentum Technology, ISACA Vancouver Chapter board member, and the lead developer for the fifth edition of the ITAF, said in a statement. “The expanded and updated ITAF gives IT auditors a robust tool and trusted guidance for navigating today’s new challenges and ensuring trust in an increasingly complex and interconnected digital ecosystem.”
To access a complimentary fifth edition of the ITAF, visit here. Additional IT audit resources from ISACA can be found here.
Thanks for reading CPA Practice Advisor!
Subscribe Already registered? Log In
Need more information? Read the FAQs
