ISACA is seeking public comment on a refresh of its IS Audit and Assurance Standards. The global association of 100,000 IT audit, security, risk and governance professionals has posted the exposure draft on the ISACA website and comments are being accepted through until 28 December 2012.
ISACA introduced its IT Audit and Assurance Standards in 1988. Now called the IS Audit and Assurance Standards, the refresh includes 17 standards that establish the mandatory requirements for an information systems (IS) audit and assurance professional to follow.
“The refreshed standards provide additional clarity to IS audit and assurance professionals by precisely stating the requirements of each standard, defining key terms used within each standard and enhancing their alignment with other global auditing standards,” said Krysten McCabe, CISA, director of ISACA and senior manager in the Assurance and Advisory Management Program at The Home Depot. “They also are fully integrated into the IT Assurance Framework (ITAF), which serves as a living reference framework that includes other ISACA tools and techniques, such as IS audit programs.”
ISACA’s Professional Standards Committee aims to have all standards and their associated guidelines updated, and exposed to public comment, by the end of 2013.
“The world of information systems is constantly evolving. Those who wish to gain assurance that their systems are working as anticipated must have trust in the standards that audit and assurance professionals are using to deliver that trust. Likewise, audit and assurance professionals need confidence that the guidelines that help them interpret and implement the standards are up to date and reflect changes in the world of information systems,” said Ian Sanderson, CISA, CRISC, FCA, specialist information systems auditor to the International Board of Auditors for NATO. “ISACA’s Professional Standards Committee is reviewing, refreshing and enhancing the IS Audit and Assurance Standards so that they continue to meet the needs and expectations of those placing trust in information systems and the professionals who deliver that trust.”