Strongly Recommended Guidance
Practice Guides provide detailed guidance for conducting internal audit activities. They include processes and procedures, tools and techniques, programs, and step-by-step approaches, as well as examples of deliverables.
Practice Guides are restricted to IIA members only.
Non-members may purchase Practice Guides by clicking on the links below.
Downloads and Links
Practice Guides — General
Practice Guides — Public Sector
Practice Guides — GTAG®
Global Technology Audit Guides (GTAG)
GTAGs are written in straightforward business language and address timely issues related to information technology (IT) management, control, and security.
Practice Guides — GAIT
Guide to the Assessment of IT Risk (GAIT)
The GAIT series of Practice Guides describes the relationships among business risk, key controls within business processes, automated controls and other critical IT functionality, and key controls within IT general controls. Each guide addresses a specific aspect of IT risk and control assessment.
Case Studies of Using GAIT for Business and IT Risk to Scope PCI Compliance
Following the GAIT-R principles and methodology, this paper provides two case studies of applying GAIT-R to PCI compliance.