The Institute of Internal Auditors
Overview: The purpose of this GTAG is to explain IT risks and controls in a format that allows CAEs and internal auditors to understand and communicate the need for strong IT controls. It is organized to enable the reader to move through the framework for assessing IT controls and to address specific topics based on need. This GTAG provides an overview of the key components of IT control assessment with an emphasis on the roles and responsibilities of key constituents within the organization who can drive governance of IT resources.
Some readers already may be familiar with some aspects of this GTAG, but some segments will provide new perspectives on how to approach IT risks and controls. One goal of this GTAG, and others in the series, is that IT control assessment components can be used to educate others about what IT risk and controls are and why management and internal audit should ensure proper attention is paid to fundamental IT risks and controls to enable and sustain an effective IT control environment.
