A PROFESSIONAL PRACTICES FRAMEWORK FOR IT ASSURANCE
ITAF™: A Professional Practices Framework for IT Assurance—Summary Document
ISACA® With more than 65,000 members in more than 140 countries, ISACA (www.isaca.org) is a recognised worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences;publishes the Information Systems Control Journal®; and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®) designation, earned by more than 50,000 professionals since 1978; the Certified Information Security Manager® (CISM®) designation, earned by 7,000 professionals since 2002; and thenew Certified in the Governance of Enterprise IT™ (CGEIT™) designation. Disclaimer ISACA (the ‘Owner’) and the author have designed and created this publication, titled ITAFTM: A Professional Practices Framework for IT Assurance—Summary Document (the ‘Work’), primarily as an educational resource for assurance professionals. The Owner makes no claim that use of any of the Work will assure asuccessful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, control professionals should apply their own professional judgement to the specific circumstancespresented by the particular systems or information technology environment. Disclosure © 2008 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written authorisation of ISACA.Reproduction and use of all or portions of this publication are solely permitted for academic, internal and non-commercial use and for consulting/advisory engagements, and must include full attribution of the material’s source. No other right or permission is granted with respect to this work. ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA Phone: +1.847.253.1545 Fax: +1.847.253.1443E-mail: firstname.lastname@example.org Web site: www.isaca.org
ITAFTM: A Professional Practices Framework for IT Assurance—Summary Document Printed in the United States of America
ISACA wishes to recognise:
Researcher Robert G. Parker, CISA, CA, CMC, FCA, Deloittte & Touche LLP (retired), Canada Expert Reviewers Colin Booth, CISA, Canada Mahesh S. Lad,CISA, Vantej Inc., Canada ISACA Board of Directors Lynn Lawton, CISA, FBCS CITP, FCA, FIIA, PIIA, KPMG LLP, UK, International President Georges Ataya, CISA, CISM, CISSP, ICT Control sa-nv, Belgium, Vice President Avinash Kadam, CISA, CISM, CBCP, CISSP, GCIH, GSEC, Miel e-Security Pvt. Ltd., India, Vice President Howard Nicholson, CISA, City of Salisbury, Australia, Vice President Jose Angel PeñaIbarra, Consultoria en Comunicaciones e Info., SA & CV Mexico, Vice President , Robert E. Stroud, CA Inc., USA, Vice President Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP, USA, Vice President Frank Yam, CISA, FHKCS, FHKIoD, CIA, CCP, CFE, CFSA, FFA, Focus Strategic Group, Hong Kong, Vice President Marios Damianides, CISA, CISM, CA, CPA, Ernst & Young LLP, USA, Past International PresidentEverett C. Johnson Jr., CPA, Deloitte & Touche LLP (retired), USA, Past International President Emil D’Angelo, CISA, CISM, Bank of Tokyo-Mitsubishi UFJ Ltd., USA, Director Gregory T. Grocholski, CISA, The Dow Chemical Company, USA, Director Assurance Committee Gregory T. Grocholski, CISA, The Dow Chemical Company, USA, Chair Pippa G. Andrews, CISA, ACA, CIA, Amcor, Australia Robert Johnson, CISA,...