no image

Global Technology Audit Guide 15 – Information Security Governance

The Internal Institute of Auditors


Information is a significant component of most organizations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing. Some of the more obvious results of IS failures include reputational damage, placing the organization at a competitive disadvantage, and contractual noncompliance. These impacts should not be underestimated.
This Global Technology Audit Guide (GTAG) will provide a thought process to assist the chief audit executive (CAE) in incorporating an audit of information security governance (ISG) into the audit plan, focusing on whether the organization’s ISG activity delivers the correct behaviors, practices, and execution of IS.
GTAG 15: Information Security Governance will assist efforts to:

  1. Define ISG.
  2. Help internal auditors understand the right questions to ask and know what documentation is required.
  3. Describe the internal audit activity’s (IAA) role in ISG.
svgEnterprise Information Security and Privacy
svgNext Post