Press release

ISACA Updates IT Audit Framework (ITAF)

Sponsored by Businesswire

Many IT audit and assurance professionals have long relied on a single source of guidance to perform effective audit reports—the Information Technology Audit Framework (ITAF) from global non-profit tech association ISACA. ISACA has now released the fourth edition of ITAF with updated guidance and professional standards, as well as a companion white paper titled An ITAF Approach to IT Audit Advisory Services and a sampling guide titled ITAF Companion Performance Guidelines 2208: Information Technology Audit Sampling.

ITAF, which was last updated in 2014, establishes standards that:

  1. Address IT audit and assurance practitioners’ roles and responsibilities, ethics, professional and personal conduct, and required knowledge and skills
  2. Define terms and concepts specific for IT audit and assurance
  3. Provide guidance and techniques for the planning, performance and reporting of IT audit and assurance engagements

This fourth and latest edition of ITAF has been updated to align with the steps of the audit process, including:

  • Incorporation of more IT-specific guidance and examples
  • Emphasis on risk assessment during the audit planning phase to provide practitioners with guidance that is directly applicable to the audit process
  • Updated auditor objectivity content that is more concise and easier to reference
  • A format change to make ITAF more user friendly

Reviewed by audit professionals from major firms around the world, the framework’s guidelines focus on planning, testing and reporting on IT processes, controls and related IT audit or assurance initiatives, and can support alignment of IT audit engagements with enterprise objectives and initiatives. Highly relevant to Certified Information Systems Auditor (CISA) certification holders, ITAF is applicable to any IT audit or assessment engagement, regardless of whether it is for an IT-related audit, or one that is financial, compliance-related or operational.

“ISACA is proud to provide information systems and IT professionals with the globally accepted best practices, guidance and frameworks that support and elevate them in their work,” said Nader Qaimari, ISACA Chief Product Officer. “Launching this updated version of ITAF is part of this longstanding commitment to ensure the IT audit profession has the most relevant and meaningful tools and knowledge to drive excellence in IT audit at the enterprise level and in the field worldwide.”

Newly published white paper An ITAF Approach to IT Audit Advisory Services explores the history and current landscape influencing auditors, as well as the challenges they can face around independence and objectivity, and how ITAF provides solutions to resolve these challenges.

“IT auditors find themselves increasingly being asked to not only conduct audits, but also to advise or consult enterprises on implementing technologies, which can raise concerns around objectivity and independence,” said Mais Barouqa, manager of IT Risk and Assurance, Deloitte, who helped review the new edition of ITAF. “ITAF provides standards and guidelines that support IT auditors in effectively, thoroughly and ethically performing different types of audit and advisory functions.”

ISACA’s ITAF Companion Performance Guidelines 2208: Information Technology Audit Sampling provide guidance to IT audit and assurance practitioners in designing and selecting an audit sample and evaluating sample results. Appropriate sampling and evaluation help to achieve the requirements of sufficient and appropriate evidence.

To download the complimentary ITAF and translated versions, visit . The related white paper and sampling guide can be downloaded free of charge as well.


For more than 50 years, ISACA® ( has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide.