ISACA

It has been six years since the IT Audit Framework (ITAF) was last updated, and the operating environment has changed significantly. Technology now executes transactions, connects organizations through third-party ecosystems, and increasingly makes decisions through automation and AI. As a result, audit teams face new questions: Can automated outcomes be trusted? Who owns third-party risk? Why wasn’t audit involved earlier?

ITAF 5 reflects these expectations.

This session translates the framework into practice, explaining how assurance expands beyond traditional control testing to evaluating system-driven outcomes. Participants will learn how to adapt audit approaches and provide forward-looking risk insight while maintaining independence.

Learning Objectives:

• Why the Framework Changed: Explain how ITAF 5 reflects the shift to digitally enabled business operations and evolving assurance expectations
• Where Risk Now Lives: Identify how risk moves from manual processes to system configurations, integrations, third-party platforms, and automated decisions
• What Auditors Must Learn: Recognize the evolving skills auditors need, including evaluating automated and AI-driven outcomes and collaborating across technical and business teams
• How Audit Must Adapt: Describe how audit functions should modernize their approach through analytics, continuous assurance, and supporting technology tools