ISACA Launches Future‑Ready IT Audit Framework Update to Strengthen Digital Trust in an AI‑Driven Environment

The revamped 5th edition now incorporates updated terminology, refreshed examples, and expanded scope to better address emerging technologies, digital trust considerations, and evolving audit practices.

A longtime mainstay for audit and assurance professionals, ITAF was last updated in 2020. The comprehensive IT audit framework establishes standards that address IT audit and assurance practitioners’ roles and responsibilities, ethics, expected professional behavior, and required knowledge and skills; defines terms and concepts specific to IT audit and assurance; and provides guidance and techniques for the planning, performing and reporting of IT audit and assurance engagements.

ITAF, 5th Edition, enhances clarity, integrates ISACA’s newest resources, including AI audit guidance, and aims to support both traditional assurance functions and modern audit teams using data analytics, automation, agile methods, and AI. The new framework places greater emphasis on governance, transparency, and readiness for advanced technologies while providing more practical, flexible, and globally relevant guidance, including through:

• Modernization of content and scope: Updates terminology, definitions, and examples to reflect today’s technologies—such as cloud computing, AI/ML, and business automation—moving beyond the traditional IT control focus of the previous edition.
• Integration of digital trust and emerging technologies: Incorporates digital trust concepts throughout planning, fieldwork, and reporting, and adds guidance for AI/ML auditing aligned with ISACA’s AI audit guidance and the broader digital trust ecosystem.
• Increased flexibility, practicality, and usability: Introduces language suitable for organizations of all sizes, adds practical examples, and improves clarity through a modernized layout.
• Expanded audit practices and governance expectations: Broadens the scope of IT audit to include data analytics, agile auditing, continuous assurance, and AI governance, with enhanced expectations for transparency, ethical technology use, and oversight of automated systems.

[....]