COMPONENTS OF ITAF
The Information Systems Audit Control Association (ISACA) has published a set of guidance known as the Information Technology Assurance Framework (ITAF). ITAF is intended to guide and direct the IT auditor in the discharge of his or her professional duties. It is not meant to replace other audit guidance and frameworks, but rather to be used in conjunction with them in order to provide context-specific guidance to the IT auditor. ITAF is divided into 4 core components: the Code of Professional Ethics, the Audit and Assurance Standards, the Audit Guidelines, and the Audit Procedures, also called Tools and Techniques. Lastly, ITAF
The Code of Professional Ethics is put in place to establish a set of behavioral norms for members of the IS audit and assurance profession. The Code's goal is to guide the professional and personal conduct of its members.
One important consideration to note is that the Code of Professional Ethics can only be enforced against people who are members of ISACA and/or those who hold any of the certifications sponsored by ISACA.
The Audit and Assurance Standards are intended both to inform the IS auditor of the minimum level of acceptable performance and to highlight the profession's expectations to management.
The Standards are split into three broad bodies:
General Standard: a set of guiding principles within which the IS assurance profession operates.
Performance Standard: deals with the conduct of the assignment, or how one is to plan the engagement.
Reporting Standard: addresses the types of reports, means of communication and the information communicated.
A second important thing to note regarding ITAF is that both the Code of Professional Ethics and the Audit and Assurance Standards are mandatory in all cases.
Audit Guidelines are not mandatory, but rather strongly recommended. They provide...