Framework and Guides

Get expert guidance, research policies and procedures to stay ahead of the curve in your IT audit and assurance career.

Artificial Intelligence Audit Toolkit

As the use of AI increases and becomes more integral in enterprise product and service delivery, it will come under more audit scrutiny. Audit coverage and assessment techniques will need to be dynamic and multi-disciplinary to keep pace with the breakneck speed in advancement and continuous development of AI-enabled systems.

Learn more

ISACA Cybersecurity Audit Program: Based on the NIST Cybersecurity Framework 2.0

ISACA has updated its Cybersecurity Audit Program, adapted from the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 (released in February 2024).

Learn more

Zero Trust Audit Program

Zero Trust is a security model that requires all users of an organization's network to be authenticated, authorized, reviewed, and validated periodically to ensure appropriate access privileges are granted and maintained and more importantly rights are deactivated when they are no longer needed to perform work duties.

Learn more

Google Cloud Platform Audit Program

With the continued growth and adoption of Google® Cloud Platform (GCP®) now representing the third largest provider of cloud services, ISACA has developed an audit program that helps auditors assess and test control coverage adequacy and effectiveness of GCP® services.

Learn more

Identity and Access Management Audit Program

The ISACA Identity and Access Management Audit Program provides specific testing and evaluation criteria to assist auditors in assessing the adequacy of safeguards in place to mitigate IAM risks.

Learn more

Audit Practitioner’s Guide to Machine Learning, Part 1: Technology

Machine learning (ML), a subset of artificial intelligence (AI), has been rapidly adopted by enterprises and governments around the world.

Learn more

Audit Practitioner’s Guide to Machine Learning, Part 2: Compliance Risk

Machine learning (ML), a subset of artificial intelligence (AI), has been rapidly adopted by enterprises and governments around the world.

Learn more

Physical and Environmental Security Audit Program

Cybersecurity and audit practitioners may talk in terms of physical security being a part of cybersecurity or physical security being a subset of cybersecurity. While there may be differences of opinion in how physical security is defined in terms of cybersecurity, there is agreement that physical security may be overlooked while digital threats are considered from many perspectives.

Database Audit Program

Databases, comprised of data and database management systems, store data so that they can be used by different programs without concern for the data structure or organization. The ability of databases to accommodate large volumes of data, has led databases to be widely adopted.

Learn more

COBIT for DevOps Audit Program

ISACA developed this audit program as a companion to COBIT Focus Area: DevOps, Using COBIT® 2019. The focus area publication describes how COBIT framework concepts apply to DevOps and is intended to help enterprises evaluate management practices important to the development of an effective governance system over DevOps.

Learn more

VPN Security Audit Program

Virtual Private Networks (VPNs) are relied on to give remote workers access to the corporate network securely. As the number of remote workers and the duration of remote work have increased (from remote working being temporary to potentially permanent), awareness of VPNs has grown. Now, enterprises are questioning how secure VPNs are.

Learn more
Certification and Training

Advance your expertise and add to your career potential or enterprise skillset with training developed and delivered by the experts in IT audit.

Certified Information Systems Auditor (CISA)

The CISA certification is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems. This certification is a must have for entry to mid-career IT professionals looking for leverage in career growth. The CISA exam is now available via remote proctoring!

Learn More

CISA Exam Prep from ISACA

Whether you prefer to prep on your own time or with the additional guidance and interaction that comes with live, expert instruction, ISACA has the right test prep solutions for every professional. Choose what works for your schedule and your studying needs.

Learn More

Featured Resources

Zero Trust Audit Program

Zero Trust is a security model that requires all users of an organization's network to be authenticated, authorized, reviewed, and validated periodically to ensure appropriate access privileges are granted and maintained and more importantly rights are deactivated when they are no longer needed to perform work duties.

Learn more

View IT Audit Publications and Resources

Gain additional insight and guidance on leveraging the IT Audit framework to create and maintain the most effective techniques and understanding to manage IT Audit.

Blog Post

A Proactive, Continuous Approach to Automated Compliance

Automation and a compliance by design approach can empower organizations to build a more secure, compliant and efficient IT environment.

16 October 2024
Blog Post

Top GenAI Success Stories for Risk and Assurance Professionals, and the Crucial Caveats You Need to Know

Generative AI comes with several promising applications for audits and risk professionals, who also must be mindful of the environment in which they are working and diligently steer clear of potential AI pitfalls.

22 August 2024
Blog Post

Ten Pivotal Moments in an Internal Auditor's Career

Learning to navigate disagreements, adapting to emerging technology and keeping up to date on key regulations are among many pivotal factors in an internal auditor's career success.

3 July 2024
Blog Post

European Union Artificial Intelligence Act: An Auditor’s Perspective

Organizations will need to identify the needed audit and governance resources and skill sets in order to make implementation of the EU AI Act successful.

24 June 2024
Blog Post

The Numbers Whisper, But Stories Captivate: Rethinking Audit Communication

Auditors need to go beyond the cold, hard facts and incorporate time-tested storytelling methods to make their reports resonate more deeply with stakeholders.

11 June 2024
Blog Post

AI for Auditors: Challenges and Opportunities for Career Advancement

An ISACA training course on AI for auditors explores categories of AI algorithms that auditors will encounter, relevant regulations, how to audit third-party AI dependencies and more.

10 June 2024
Blog Post

The $8,000 SOC 2 Conundrum

While the typical cost of a standard SOC 2 audit is going down, the skill level required for auditors to effectively perform them is increasing.

10 May 2024
Blog Post

Three Reasons Why You Should Not Wait to Take the CISA Exam

There are several benefits for rising IT auditors to take the CISA exam even before they have the full years of experience required to complete their certification.

29 April 2024
Blog Post

Performing an ATM Security Audit

In preparing for an ATM security audit, auditors will need to prioritize understanding core governance and business processes impacting ATM management.

26 April 2024
Audit Article

Managing Compliance in 2024: Best Practices to Secure Cloud Access and Stay Audit-Ready

Cloud engineering and security leaders can implement streamlined solutions to protect their online environments without compromising productivity—while still achieving compliance.

18 April 2024
Blog Post

Quick Scoping: How to Easily Frame Your Environment from a Compliance Lens

Lessons learned from theft prevention in a retail environment have surprising relevance when it comes to compliance and access management.

19 March 2024
Blog Post

Eight Things NOT To Do When Preparing for the CISA

Avoiding these light-hearted 'tips' for preparing for the CISA exam will put you in better position for a successful exam-day experience.

16 February 2024
Blog Post

Auditing Social Engineering: A Practical Approach

By asking the right questions around people, processes and technical controls, auditors can gather the evidence and documentations they need to successfully audit social engineering.

13 February 2024
Blog Post

‘Just for Control’: the True Power of Controls

Ill-designed controls can waste organizations' time and resources, so make sure implementing controls is more than just a power move.

29 January 2024
Audit Article

Five Controls to Consider When Auditing a Vendor Management Program

Vendor management is a fundamentally critical function that impacts an organization's operational success, efficiency, reputation and risk exposure.

23 January 2024
Audit Article

Six Benefits of a Cybersecurity Audit (and 6 Steps to Perform One)

A cybersecurity audit empowers organizations of all sizes to help identify and mitigate their cybersecurity risk.

16 January 2023
Blog Post

Top Management Considerations for Zero Trust

A new zero trust audit program from ISACA can help organizations transition from traditional network security architectures to ones that are better equipped to handle the modern threat landscape.

26 December 2023
Blog Post

Incorporating Agile Audit: Practical Tips

Establishing clear expectations and customizing the approach are among the steps that can facilitate a successful Agile audit implementation.

16 November 2023
Audit Article

Three Skills for Succeeding as an IT Auditor in the 21st Century

There are 3 skills that a modern IT auditor must possess to add value to the technology teams being audited and to avoid being seen through a negative lens by senior leadership.

14 November 2023

MORE IT AUDIT RESOURCES