Introduction—The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require
standards that apply specifically to IS auditing. One of the goals of the Information Systems Audit and Control Association (ISACA) is to
advance globally applicable standards to meet this need. The development and dissemination of the IS Auditing Standards are a
cornerstone of the ISACA professional contribution to the audit community.
Objectives—The objectives of the ISACA IS Auditing Standards are to inform:
- IS auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code
  of Professional Ethics for IS auditors
- Management and other interested parties of the profession’s expectations concerning the work of practitioners
The objective of the IS Auditing Guidelines is to provide further information on how to comply with the IS Auditing Standards.
Scope and Authority of IS Auditing Standards—The framework for the ISACA IS Auditing Standards provides multiple levels of
- Standards define mandatory requirements for IS auditing and reporting.
- Guidelines provide guidance in applying IS Auditing Standards. The IS auditor should consider them in determining how to achieve
  implementation of the standards, use professional judgment in their application and be prepared to justify any departure.
- Procedures provide examples of procedures an IS auditor might follow in an audit engagement. Procedures should not be considered
  inclusive of any proper procedures and tests or exclusive of other procedures and tests that are reasonably directed to obtain the same
  results. In determining the appropriateness of any specific procedure, group of procedures or test, IS auditors should apply their own
  professional judgment to the specific circumstances presented by the particular information systems or technology environment. The
  procedure documents provide information on how to meet the standards when performing IS auditi