Supplemental Guidance provides detailed guidance for conducting internal audit activities. These include topical areas, sector-specific issues, as well as processes and procedures, tools and techniques, programs, step-by-step approaches, and examples of deliverables.
Effective with the July 2015 launch of the New IPPF, all Practice Guides, Global Technology Audit Guides (GTAGs), and Guides to the Assessment of IT Risks (GAIT) automatically become part of the Recommended Supplemental Guidance layer.
Supplemental Guidance is restricted to IIA members only.
Non-members may purchase Supplemental Guidance by clicking on the links below.
Practice Guides - General
Practice Guides - Financial Services
|NEW! Auditing Model Risk Management||March 2018|
|NEW! Auditing Liquidity Risk: An Overview||December 2017|
Practice Guides - Public Sector
|Assessing Organizational Governance in the Public Sector||October 2014|
|NEW! Auditing Grants in the Public Sector||April 2018|
|Creating an Internal Audit Competency Process for the Public Sector||February 2015|
Practice Guides — GTAG®
Global Technology Audit Guide (GTAG)
GTAGs are written in straightforward business language and address timely issues related to information technology (IT) management, control, and security.
Practice Guides — GAIT
Guide to the Assessment of IT Risk (GAIT)
The GAIT series of Practice Guides describes the relationships among business risk, key controls within business processes, automated controls and other critical IT functionality, and key controls within IT general controls. Each guide addresses a specific aspect of IT risk and control assessment.
|GAIT Methodology||January 2009|
Case Studies of Using GAIT for Business and IT Risk to Scope PCI Compliance
Following the GAIT-R principles and methodology, this paper provides two case studies of applying GAIT-R to PCI compliance.
Other Supplemental Guidance
|Applying The IIA’s International Professional Practices Framework as a Professional Services Firm||August 2016|
|NEW! Model Internal Audit Activity Charter||March 2017|