ITAF 5: The Evolving Role of Audit in the Digital Enterprise

It has been six years since the IT Audit Framework (ITAF) was last updated, and the operating environment has changed significantly. Technology now executes transactions, connects organizations through third-party ecosystems, and increasingly makes decisions through automation and AI. As a result, audit teams face new questions: Can automated outcomes be trusted? Who owns third-party risk? Why wasn’t audit involved earlier?

ITAF 5 reflects these expectations.

This session translates the framework into practice, explaining how assurance expands beyond traditional control testing to evaluating system-driven outcomes. Participants will learn how to adapt audit approaches and provide forward-looking risk insight while maintaining independence.

Learning Objectives:

• Why the Framework Changed: Explain how ITAF 5 reflects the shift to digitally enabled business operations and evolving assurance expectations
• Where Risk Now Lives: Identify how risk moves from manual processes to system configurations, integrations, third-party platforms, and automated decisions
• What Auditors Must Learn: Recognize the evolving skills auditors need, including evaluating automated and AI-driven outcomes and collaborating across technical and business teams
• How Audit Must Adapt: Describe how audit functions should modernize their approach through analytics, continuous assurance, and supporting technology tools