Practice Guides
Strongly Recommended Guidance

Practice Guides provide detailed guidance for conducting internal audit activities. They include processes and procedures, tools and techniques, programs, and step-by-step approaches, as well as examples of deliverables.

Practice Guides are restricted to IIA members only. 

Non-members may purchase Practice Guides by clicking on the links below.

Downloads and Links

Practice Guides — General

Practice Guides — Public Sector

Title Date
Assessing Organizational Governance in the Public Sector Coming Soon
How to Build a Strategic Competency Plan in the Public Sector Coming Soon

Practice Guides — GTAG®

Global Technology Audit Guides (GTAG)

GTAGs are written in straightforward business language and address timely issues related to information technology (IT) management, control, and security.

Title Date
GTAG 17: Auditing IT Governance July 2012
GTAG 16: Data Analysis Technologies August 2011
GTAG 15: Information Security Governance June 2010
GTAG 14: Auditing User-developed Applications June 2010
GTAG 13: Fraud Prevention and Detection in an Automated World December 2009
GTAG 12: Auditing IT Projects March 2009
GTAG 11: Developing the IT Audit Plan January 2009
GTAG 10: Business Continuity Management January 2009
January 2009
January 2009
GTAG 7: Information Technology Outsourcing, 2nd Edition June 2012
GTAG 6: Managing and Auditing IT Vulnerabilities DELETED January 2013
PLEASE NOTE: GTAG 6 has been deleted from the IPPF. Some of its concepts are combined with the 2nd edition of GTAG 4.
GTAG 5: Managing and Auditing Privacy Risks REPLACED July 2012
PLEASE NOTE: GTAG 5 has been replaced by the Auditing Privacy Risks, 2nd Edition Practice Guide.
GTAG 4: Management of IT Auditing, 2nd Edition January 2013
GTAG 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment Update Coming Soon
GTAG 2: Change and Patch Management Controls: Critical for Organizational Success, 2nd Edition March 2012
GTAG 1: Information Technology Risk and Controls, 2nd Edition March 2012

Practice Guides — GAIT

Guide to the Assessment of IT Risk (GAIT)

The GAIT series of Practice Guides describes the relationships among business risk, key controls within business processes, automated controls and other critical IT functionality, and key controls within IT general controls. Each guide addresses a specific aspect of IT risk and control assessment.

Title Date
GAIT Methodology January 2009
January 2009
January 2009

Case Studies of Using GAIT for Business and IT Risk to Scope PCI Compliance
Following the GAIT-R principles and methodology, this paper provides two case studies of applying GAIT-R to PCI compliance.

IPPF
Now Available! IPPF 2013 Edition
Order the 2013 Edition.
Download the IPPF Practice Guide Overview, a quick reference to The IIA's most recent Practice Guide releases.