Information Technology Risks and Controls
The nature of technology is that it changes: making it critical to ensure the most up-to-date information is available. Since the first edition of GTAG 1: Information Technology Controls, was issued in 2005, the technology landscape has exploded, warranting an update of the guide.
The second edition of GTAG 1 still focuses on helping chief audit executives (CAEs) and their teams keep pace with the ever-changing and sometimes complex world of information technology (IT) by providing an overview of IT related risks and controls written in a reader-friendly style for non-technical business executives. It also empowers practitioners with the latest IT developements. However, it addresses critical developments since the first edition’s release.
Both senior management and the audit committee have an expectation that the internal audit activity will provide assurance around all important risks, including those introduced or enabled by the implementation of IT. The GTAG series helps the CAE and internal auditors become more knowledgeable of the risk, control, and governance issues surrounding technology.
The goal of GTAG 1 is to help internal auditors become more comfortable with general IT controls so they can confidently communicate with their audit committee and exchange risk and control ideas with the chief information officer (CIO) and IT management. This GTAG describes how members of governing bodies, executives, IT professionals, and internal auditors address significant IT related risk and control issues and presents relevant frameworks for assessing IT risk and controls. Moreover, it sets the stage for subsequent GTAG’s that cover specific IT topics, as well as associated business roles and responsibilities in greater detail.