Chapter 4. Standards and Guidelines for IS Auditing

This chapter explores in detail the Information Systems Audit and Control Association (ISACA) Code of Professional Ethics and the current ISACA IS Auditing Standards and Guidelines Standards as well as the Institute of Internal Auditors (IIA) Code of Ethics, Standards for the Professional Practice of Internal Auditing and Practice Advisories. In addition, standards and guidelines other than the ISACA and IIA models are explored.

IIA Standards

In 1978 the IIA introduced the Standards for the Professional Practice of Internal Auditing to be used around the world in order to provide international consistency and as a measurement tool for audit quality assurance. These consisted of 5 general and 25 specific standards together with numerous Statements on Auditing Standards. Standards were considered mandatory while non-mandatory Guidelines were also included.

The IIA standards were intended to establish a yardstick for consistent measurement of Internal Auditing operations. This allowed the unification of internal auditing worldwide by improving internal audit practice, proclaiming the role, scope, performance, and objectives of internal auditing, promoting the recognition of internal auditing as a profession, and promoting responsibility within the internal auditing profession.

As part of its ongoing research into the evolving role of internal auditing, an extensive research project known as the Competency Framework for Internal Auditing ...

Get Auditor’s Guide to Information Systems Auditing now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.