IsacaRoma: Thanks for your collaboration Ms Bi. You are “Technology Practices Manager” at The Institute of Internal Auditors (The IIA [2]). Could you explain to us you role and responsibility? How are you involved in GTAG [3] project?
Lily Bi: The IIA is recognized as the internal audit profession’s leader in certification, education, research, and technological guidance. It has more than 122,000 members around the world. My responsibility is working together with The IIA’s Advanced Technology Committee to develop guidance for our members and practitioners regarding information risk management, control and governance practices. Global Technology Audit Guide (GTAG) is on the top of my responsibilities. From identifying a topic, forming a team, writing, external reviewing, to layout and printing, each guide needs at least 8 months. As a project manager, I have been involving in every step and coordinating with internal and external parties to ensure we deliver a relevant and useful guide.
IR: We already illustrated GTAG project [4] to our readers using public information available in GTAG web pages [5]. Could you tell us some other information? What about new guides? When will they release?
LB: I appreciate your interest at out GTAG series, and hope that our guides benefit your members and readers as well. The primary audiences for the guides are Chief Internal Audit Executive (CAE). So each guide is written in straightforward business language to bridge the gap between technology and business. We are very encouraged by the positive response we received for the past five guides we published since March 2005, and plan to continue delivering three guides each year. The next GTAG – Effective on Vulnerability Management will be published on October 2006. The others in the pipeline for 2007 are Identity Management, IT Outsourcing /Management, and Business Continuity Planning.
IR: What about collaboration? Do you need volunteers?
LB: There are a lot of collaboration involved in the GTAG development and distribution. The IIA has partnered with other professional associations to ensure the contents of the guide will be appropriate for their audiences. They are American Institute of Certified Public Accountants (AICPA [6]), Center for Internet Security (CIS [7]), Carnegie Melon University Software Engineering Institute (CMU SEI [8]), Information Systems Security Association (ISSA [9]), National Association of Corporate Directors (NACD [10]), and the SANS Institute [11].
In addition, The IIA’s global affiliates help us ensue the guides speak to global audiences. The IIA’s Advanced Technology Committee is the main driving force of the project. This is a group of global leaders in the internal audit profession, who are also volunteers. The GTAG would not have been possible with volunteer support from all over the world. Yes, we need volunteers!
IR: Thanks Lily
LB: Arrivederci!
Who is Lily Bi?
Lily Bi, CISA, is Technology Practices Manager of The Institute of Internal Auditors.Email: lily DOT bi AT theiia DOT org
IsacaRoma links
- IIA: Global Technology Audit Guide [12]
- COSO Enterprise Risk Management Framework [13]
- Corporate governance, internal auditing, risk management: è possibile un approccio low-cost? [14]