Framework and Guides

Get expert guidance, research policies and procedures to stay ahead of the curve in your IT audit and assurance career.

Artificial Intelligence Audit Toolkit

Artificial Intelligence Audit Toolkit

As the use of AI increases and becomes more integral in enterprise product and service delivery, it will come under more audit scrutiny. Audit coverage and assessment techniques will need to be dynamic and multi-disciplinary to keep pace with the breakneck speed in advancement and continuous development of AI-enabled systems.

Learn more
ISACA Cybersecurity Audit Program: Based on the NIST Cybersecurity Framework 2.0

ISACA Cybersecurity Audit Program: Based on the NIST Cybersecurity Framework 2.0

ISACA has updated its Cybersecurity Audit Program, adapted from the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 (released in February 2024).

Learn more
Zero Trust Audit Program

Zero Trust Audit Program

Zero Trust is a security model that requires all users of an organization's network to be authenticated, authorized, reviewed, and validated periodically to ensure appropriate access privileges are granted and maintained and more importantly rights are deactivated when they are no longer needed to perform work duties.

Learn more
PCI DSS v4.0 Audit Program

PCI DSS v4.0 Audit Program

The Payment Card Industry Data Security Standard (PCI DSS) is a framework designed by major credit card brands that lays a foundation of stringent security controls to reduce fraud as it pertains to cardholder data.

Learn More
witaf4

IT Audit Framework (ITAF), 4th Edition

Get the guidance and techniques that will lend consistency and effectiveness to your audits. The new 4th edition of IT Audit Framework (ITAF) outlines standards and best practices aligned with the sequence of the audit process (risk assessment, planning and field work) to guide you in assessing the operational effectiveness of an enterprise and in ensuring compliance.

Learn More
Certification and Training

Advance your expertise and add to your career potential or enterprise skillset with training developed and delivered by the experts in IT audit.

CISA

Certified Information Systems Auditor (CISA)

The CISA certification is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems. This certification is a must have for entry to mid-career IT professionals looking for leverage in career growth. The CISA exam is now available via remote proctoring!

Learn More

CISA

CISA Exam Prep from ISACA

Whether you prefer to prep on your own time or with the additional guidance and interaction that comes with live, expert instruction, ISACA has the right test prep solutions for every professional. Choose what works for your schedule and your studying needs.

Learn More

Featured Resources
Artificial Intelligence Audit Toolkit

Artificial Intelligence Audit Toolkit

The Artificial Intelligence Audit Toolkit is a library of AI controls derived from select control frameworks and law. It has been formulated into an organized structure which allows for a better understanding of how those controls relate to different aspects of the AI lifecycle and provides IT auditors with assessment guidance that supports building and demonstrating assurance around the effectiveness of controls supporting this critical area of emerging technology.

Learn More

View IT Audit Publications and Resources

Gain additional insight and guidance on leveraging the IT Audit framework to create and maintain the most effective techniques and understanding to manage IT Audit.

Maureen O’Connell
Blog Post

Inside the Audit Committee: Roles, Responsibilities and Qualifications

Our Notes from the Boardroom blog series continues with a detailed look at the role and responsibilities of ISACA's audit committee.

13 November 2024
Dhaval Deepak Joshi, CISA, CDPSE
Blog Post

Navigating the New Frontier: Mastering ESG Audits in Modern Business

Environmental stewardship, social responsibility and governance integrity represent three critical components of ESG audits.

31 October 2024
Osman Azab
Blog Post

How the Emerging Technology Landscape is Impacting Cybersecurity Audits

Embracing continuous auditing and focusing on risk-based approaches are among the ways to effectively deal with the increasing complexity of cybersecurity audits as the emerging technology landscape continues to evolve.

22 October 2024
Daniil Karp
Blog Post

A Proactive, Continuous Approach to Automated Compliance

Automation and a compliance by design approach can empower organizations to build a more secure, compliant and efficient IT environment.

16 October 2024
Richard Clapton
Blog Post

Top GenAI Success Stories for Risk and Assurance Professionals, and the Crucial Caveats You Need to Know

Generative AI comes with several promising applications for audits and risk professionals, who also must be mindful of the environment in which they are working and diligently steer clear of potential AI pitfalls.

22 August 2024
Chidambaram Narayanan
Blog Post

Ten Pivotal Moments in an Internal Auditor's Career

Learning to navigate disagreements, adapting to emerging technology and keeping up to date on key regulations are among many pivotal factors in an internal auditor's career success.

3 July 2024
Poonam Gupta
Blog Post

European Union Artificial Intelligence Act: An Auditor’s Perspective

Organizations will need to identify the needed audit and governance resources and skill sets in order to make implementation of the EU AI Act successful.

24 June 2024
Chidambaram Narayanan
Blog Post

The Numbers Whisper, But Stories Captivate: Rethinking Audit Communication

Auditors need to go beyond the cold, hard facts and incorporate time-tested storytelling methods to make their reports resonate more deeply with stakeholders.

11 June 2024
Victor Fang
Blog Post

AI for Auditors: Challenges and Opportunities for Career Advancement

An ISACA training course on AI for auditors explores categories of AI algorithms that auditors will encounter, relevant regulations, how to audit third-party AI dependencies and more.

10 June 2024
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

The $8,000 SOC 2 Conundrum

While the typical cost of a standard SOC 2 audit is going down, the skill level required for auditors to effectively perform them is increasing.

10 May 2024
Han Jumashov
Blog Post

Three Reasons Why You Should Not Wait to Take the CISA Exam

There are several benefits for rising IT auditors to take the CISA exam even before they have the full years of experience required to complete their certification.

29 April 2024
Aleksei Panov
Blog Post

Performing an ATM Security Audit

In preparing for an ATM security audit, auditors will need to prioritize understanding core governance and business processes impacting ATM management.

26 April 2024
Art Poghosyan
Audit Article

Managing Compliance in 2024: Best Practices to Secure Cloud Access and Stay Audit-Ready

Cloud engineering and security leaders can implement streamlined solutions to protect their online environments without compromising productivity—while still achieving compliance.

18 April 2024
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

Quick Scoping: How to Easily Frame Your Environment from a Compliance Lens

Lessons learned from theft prevention in a retail environment have surprising relevance when it comes to compliance and access management.

19 March 2024
Chidambaram Narayanan, Chartered Accountant, CISA, Azure Cybersecurity Architect Expert (SC-100)
Blog Post

Eight Things NOT To Do When Preparing for the CISA

Avoiding these light-hearted 'tips' for preparing for the CISA exam will put you in better position for a successful exam-day experience.

16 February 2024
Ricky Hamilton
Blog Post

Auditing Social Engineering: A Practical Approach

By asking the right questions around people, processes and technical controls, auditors can gather the evidence and documentations they need to successfully audit social engineering.

13 February 2024
ookeditse-kamau
Blog Post

‘Just for Control’: the True Power of Controls

Ill-designed controls can waste organizations' time and resources, so make sure implementing controls is more than just a power move.

29 January 2024
Jordan Kassing
Audit Article

Five Controls to Consider When Auditing a Vendor Management Program

Vendor management is a fundamentally critical function that impacts an organization's operational success, efficiency, reputation and risk exposure.

23 January 2024
Ozman Azab
Audit Article

Six Benefits of a Cybersecurity Audit (and 6 Steps to Perform One)

A cybersecurity audit empowers organizations of all sizes to help identify and mitigate their cybersecurity risk.

16 January 2023
Adam Kohnke
Blog Post

Top Management Considerations for Zero Trust

A new zero trust audit program from ISACA can help organizations transition from traditional network security architectures to ones that are better equipped to handle the modern threat landscape.

26 December 2023
Noam Koriat
Blog Post

Incorporating Agile Audit: Practical Tips

Establishing clear expectations and customizing the approach are among the steps that can facilitate a successful Agile audit implementation.

16 November 2023

MORE IT AUDIT RESOURCES