Supplemental guidance

Formerly known as practice guides

Supplemental guidance describe processes and procedures in detail as well as sector specific issues and topical areas. These guides will help you develop the tools, techniques and programmes you need with a step-by-step approach.

Supplemental guidance will also help you to determine what the deliverables are.

For supplemental guidance specifically on technology-based risk, read the GTAGs.

Supplemental guidance series

Assessing organizational governance in the private sector

Assessing organizational governance in the public sector

Assessing the adequacy of risk management using ISO 31000

Assessing the risk management process

Assisting small internal audit activities in implementing the International Standards for the Professional Practice of Internal Auditing

Audit reports: Communicating assurance engagement results

Auditing anti-corruption activities, 2nd edition

Auditing capital adequacy and stress testing for banks - 2nd edition

Auditing conduct risk

Auditing credit risk management

Auditing culture

Auditing executive compensation and benefits

Auditing external business relationships

Auditing grants in the public sector

Auditing liquidity risk: An overview

Auditing market risk in financial institutions

Auditing model risk management

Auditing procurement in the public sector

Auditing privacy risks, 2nd edition (replaces GTAG05)

Auditing the control environment

Auditing third party risk management

Building an Effective Internal Audit Activity in the Public Sector

Business continuity management

Chief audit executives - Appointment, performance, evaluation, and termination

Coordinating risk management and assurance

Coordination and reliance - developing an assurance map

Creating an internal audit competency process for the public sector

Developing a risk-based internal audit plan

Developing the internal audit strategic plan

Demonstrating the core principles for the professional practice of internal auditing

Engagement planning - Assessing fraud risks

Engagement planning - Establishing objectives and scope

Evaluating corporate social responsibility/sustainable development

Evaluating ethics-related programs and activities

Formulating and expressing internal audit opinions

Foundations of internal auditing in financial services firms

Independence and objectivity

Integrated auditing

Interaction with the board

Internal auditing and fraud

Internal audit and the second line of defense

Measuring internal audit effectiveness and efficiency

Quality assurance and improvement program

Reliance by internal audit on other assurance providers

Selecting, using, and creating maturity models: A tool for assurance and consulting engagements

Talent management

Unique aspects of internal auditing in the public sector

Other supplemental guidance

Applying The IIA's IPPF as a professional services firm

Model internal audit activity charter

GAIT methodology

A risk-based approach to assessing the scope of IT General Controls:

GAIT for business and IT risks

GAIT for IT general control deficiency assessment

GAIT methodology

GAIT template

Supplemental guidance is authoritative guidance for the internal audit profession from the Global Institute of Internal Auditors. They form part of the International Professional Practices Framework.