Skip Ribbon Commands
Skip to main content

 Information Technology

Global Technology Audit Guides (GTAG®)

Prepared by The IIA, each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology (IT) management, risk, control, and security. The GTAG series serves as a resource for chief audit executives on different technology-associated risks and recommended practices.

GTAG Practice Guides are restricted to IIA members only. 

Non-members may purchase GTAGs from the IIA Bookstore.

View all GTAGs

Guide to the Assessment of IT Risk (GAIT)

The GAIT series describes the relationships among business risk, key controls within business processes, automated controls and other critical IT functionality, and key controls within IT general controls. Each practice guide in the series addresses a specific aspect of IT risk and control assessment

GAIT Methodology: A risk-based approach to assessing the scope of IT general controls as part of management’s assessment of internal control required by Section 404 of the Sarbanes-Oxley Act

GAIT for IT General Control Deficiency Assessment: An approach for evaluating whether any ITGC deficiencies identified during Section 404 assessments represent material weaknesses or significant deficiencies

GAIT for Business and IT Risk: Guidance for helping identify the IT controls that are critical to achieving business goals and objectives

Case Studies of Using GAIT for Business and IT Risk to Scope PCI Compliance

Following the GAIT-R principles and methodology, this paper provides two case studies of applying GAIT-R to PCI compliance.

New IPPF Resources
Educate staff, colleagues, and stakeholders on these changes by utilizing these tools:

The 2013 Red Book is still a useful and binding reference source as a majority of the content has not changed and remains valid. The IIA Bookstore is exploring an online tool with searchable, on-demand access to all IPPF content. Learn more in the FAQs.