GTAG 15 - Information Security Governance

GTAG 15 - Information Security Governance

Information is a significant component of most organizations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing. Some of the more obvious results of IS failures include reputational damage, placing the organization at a competitive disadvantage, and contractual noncompliance. These impacts should not be underestimated.

This GTAG will provide a thought process to assist the CAE in incorporating an audit of information security governance (ISG) into the audit plan, focusing on whether the organization’s ISG activity delivers the correct behaviors, practices, and execution of IS.

GTAG 15: Information Security Governance will assist efforts to:

• Define ISG.
• Help internal auditors understand the right questions to ask and know what documentation is required.
• Describe the internal audit activity’s (IAA) role in ISG.