Skip Ribbon Commands
Skip to main content

Global Technology Audit Guide (GTAG) 9: Identity and Access Management

GTAG 9Identity and access management (IAM) is a cross-functional process that helps organizations to manage who has access to what information over a period of time. Poor or loosely controlled IAM processes may lead to organizational regulatory noncompliance and an inability to determine whether company data is being misused.

CAEs should be involved in the development of the organization's IAM strategy as well as evaluate the implementation of the strategy and effectiveness of companywide access controls. The purpose of this GTAG is to provide insight into what IAM means to an organization and to suggest internal audit areas for investigation. It can assist CAEs and other internal auditors to understand, analyze, and monitor their organization's IAM processes. A checklist for IAM review is also included in this guide.

Downloads and Links

English     Spanish     French

Non-members may purchase this GTAG from the IIA Bookstore.


An updated edition of the International Professional Practices Framework (IPPF) guide, more commonly known as the Red Book, is now available. Visit the IIA Bookstore for more information.