Standards and Guidelines for IT Auditing

This chapter explores in detail the Information Systems Audit and Control Association (ISACA) Code of Professional Ethics and the current ISACA Information Technology (IT) Auditing Standards and Guidelines, as well as the Institute of Internal Auditors (IIA) Code of Ethics, Standards for the Professional Practice of Internal Auditing, and Practice Advisories. In addition, standards and guidelines other than the ISACA and IIA models are explored.


In 1978 the IIA introduced the Standards for the Professional Practice of Internal Auditing to be used around the world in order to provide international consistency and as a measurement tool for audit quality assurance. These consisted of five general and 25 specific standards together with numerous Statements on Auditing Standards. Standards were considered mandatory while non-mandatory Guidelines were also included.

The IIA standards were intended to establish a yardstick for consistent measurement of internal auditing operations. This allowed the unification of internal auditing worldwide by improving internal audit practice, proclaiming the role, scope, performance, and objectives of internal auditing, promoting the recognition of internal auditing as a profession, and promoting responsibility within the internal auditing profession.

As part of its ongoing research into the evolving role of internal auditing, an extensive research project known as the Competency ...

Get Auditor's Guide to IT Auditing, Second Edition now with O’Reilly online learning.