ISACA has released the fifth edition of its IT Audit Framework (ITAF), updating its global standards and guidance for auditing modern digital systems including artificial intelligence, cloud computing and automation.
The update comes as organisations expand their use of AI, automation and cloud services, increasing demand for oversight of technology risk, governance and assurance practices.
ISACA said the revised framework includes updated terminology, refreshed examples and an expanded scope intended to help IT audit and assurance teams assess contemporary environments such as data analytics, AI, cloud computing and business automation.
ITAF was last updated in 2020. The framework sets out standards covering IT audit and assurance practitioners’ roles and responsibilities, ethics, expected professional behaviour, and required knowledge and skills. It also defines terms and concepts for IT audit and assurance, and provides guidance for planning, performing and reporting audit engagements.
Jo Stewart-Rattray, ISACA’s Oceania Ambassador, said regulators and boards in the region are placing more emphasis on technology risk oversight, cyber resilience and responsible AI governance.
“As organisations adopt AI, automation and advanced digital systems, the challenge now is ensuring their oversight, audit and risk practices keep pace with how these technologies are being deployed,” Stewart-Rattray said. She said the updated ITAF is intended to help audit professionals assess emerging technologies and strengthen governance.
According to ISACA, ITAF 5th Edition integrates the organisation’s recent resources, including AI audit guidance, and is designed to support both traditional assurance functions and audit teams using data analytics, automation and agile methods. ISACA said the framework places greater emphasis on governance, transparency and readiness for emerging technologies.
ISACA highlighted several changes in the new edition, including updated content and definitions to reflect technologies such as cloud computing, AI and machine learning and business automation; guidance that incorporates digital trust concepts across planning, fieldwork and reporting; and language and examples aimed at organisations of different sizes.
The new version also broadens the scope of IT audit to include data analytics, agile auditing, continuous assurance and AI governance, with increased focus on transparency, ethical technology use and oversight of automated systems, ISACA said.
Alongside the framework, ISACA has also updated ITAF Companion Performance Guidelines 2208: Information Technology Audit Sampling, which covers the design, selection and evaluation of audit samples. ISACA said the revised guidelines reflect data-driven and technology-enabled audit sampling approaches.
