Skip Ribbon Commands
Skip to main content

Global Technology Audit Guide (GTAG) 15: Information Security Governance

GTAG 15Information is a significant component of most organizations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing. Some of the more obvious results of IS failures include reputational damage, placing the organization at a competitive disadvantage, and contractual noncompliance. These impacts should not be underestimated.

This GTAG will provide a thought process to assist the CAE in incorporating an audit of information security governance (ISG) into the audit plan, focusing on whether the organization’s ISG activity delivers the correct behaviors, practices, and execution of IS.

GTAG 15: Information Security Governance will assist efforts to:

  • Define ISG.
  • Help internal auditors understand the right questions to ask and know what documentation is required.
  • Describe the internal audit activity’s (IAA) role in ISG.

Downloads and Links

English     Thai

Non-members may purchase this GTAG from the IIA Bookstore.


An updated edition of the International Professional Practices Framework (IPPF) guide, more commonly known as the Red Book, is now available. Visit the IIA Bookstore for more information.