Appendix A. Relevant IIA Standards and

                   Guidance






                   The following IIA resources were referenced throughout this practice guide. For more information about
                   applying the International Standards for the Professional Practice of Internal Auditing, please refer to The
                   IIA’s Implementation Guides.

                    Code of Ethics
                    Principle 1: Integrity
                    Principle 2: Objectivity
                    Principle 3: Confidentiality

                    Principle 4: Competency
                    Standards
                    Standard 1200 – Proficiency and Due Professional Care
                    Standard 1210 – Proficiency

                    Standard 1220 – Due Professional Care
                    Standard 2110 – Governance
                    Standard 2120 – Risk Management
                    Standard 2130 – Control

                    Standard 2220 – Engagement Scope
                    Guidance and Other Resources
                    GTAG “Assessing Cybersecurity Risk – The Three Lines Model,” 2020
                    GTAG “Auditing Business Applications," 2021
                    GTAG “Auditing Identity and Access Management," 2021
                    GTAG “Auditing Insider Threat Programs," 2018

                    GTAG “Auditing IT Governance," 2018
                    GTAG “Auditing Mobile Computing,” 2022
                    GTAG “Information Technology Outsourcing," 2012
                    GTAG “IT Change Management: Critical for Organizational Success, 3  Edition,” 2020
                                                                 rd
                    GTAG “IT Essentials for Internal Auditors," 2020
                    The Institute of Internal Auditors The IIA’s Three Lines Model: An Update of the Three Lines of Defense









                   19 — theiia.org