COMPONENTS OF ITAF
The Information Systems Audit and Control Association (ISACA) has published a set of guidance known as the Information Technology Assurance Framework (ITAF). ITAF is intended to guide and direct the IT auditor in the discharge of his or her professional duties. It is not meant to replace other audit guidance and frameworks, but rather to be used in conjunction with them to provide context-specific guidance to the IT auditor. ITAF is divided into 4 core components: Code of Professional Ethics, Audit and Assurance Standards, Audit Guidelines, and Audit and Procedures, also called Tools and Techniques. Lastly, ITAF
The Code of Professional Ethics is put in place to establish a set of behavioral norms for members of the IS audit and assurance profession. Its goal is to guide the professional and personal conduct of member
One important thing to note is that the Code of Professional Ethics can only be enforced against people who are members of ISACA and/or those who hold any of the certifications sponsored by ISACA.
The Audit and Assurance Standards are intended to inform both IS auditors of the minimum level of acceptable performance and management of the profession's expectations. The Standards are split into three broad bodies:
General Standard: a set of guiding principles under which the IS assurance profession operates.
Performance Standard: deals with the conduct of the assignment, or how one is to plan the engagement.
Reporting Standard: addresses the types of reports, means of communication and the information communicated.
The second important thing to note regarding ITAF is that both the Code of Professional Ethics and the Standards are mandatory in all cases.
Audit Guidelines are not mandatory, but rather strongly recommended. They provide additional thought leadership and interpretation for the various standards mentioned above. They are divided into three bodies (General,