2006.02.24

IIA Exposure Draft "Generally Accepted IT Principles (GAIT)"

 Hello, this is Mitsuhiko Maruyama. The Institute of Internal Auditors (IIA) has published an exposure draft of its Generally Accepted IT Principles.

 
IIA (The Institute of Internal Auditors )
IIA Technology
・・Exposure Draft on Generally Accepted IT Principles (GAIT) (PDF 561KB)

=====
1. What is the scope of GAIT?

GAIT stands for the Generally Accepted IT Principles. GAIT provides guidance to scope Information Technology (IT) work in support of conclusions for IT-related portions for any COSO internal control objective, such as financial reporting or operations. GAIT is not a controls framework. Instead, GAIT provides constructs to appropriately identify and link the COSO constructs of internal control objectives, assertions, risks and controls. Appropriate linking enables the appropriate IT scoping for those objectives, including financial reporting and Section 404 of the U.S. Sarbanes-Oxley Act of 2002.
=====

=====
2. How does GAIT add to what is already included in COBIT?

GAIT is not a controls or governance framework. It is intended to complement COBIT and provide a means to scope, identify and link appropriately internal control objectives, such as the COSO internal control objectives, assertions and risks. By enabling appropriate linking, companies can better scope the IT control evaluation work for those objectives, including financial reporting and Sarbanes-Oxley's Section 404.
COBIT is an IT governance framework that allows managers to bridge the gap between control requirements, technical issues and business risks. However, CobiT does not provide a mechanism for scoping IT processes and controls in relationship to the achievement of specific internal control objectives such as the three COSO objectives.
Finally, GAIT is intended to complement COBIT by creating a transactional construct to support management assertions that the necessary controls exist and are effective.
=====

 It looks like a useful reference for deciding the scope of an IT general controls evaluation.
