adam's notes

GAIT
4 Main Principles

❯

❯

GAIT

The GAIT methodology helps auditors and companies scope Section 404 (SOX) reviews of IT controls.

created in 2007 by the IIA
does not recommend individual controls
- specifies a series of control objectives

4 Main Principles

A top-down approach should be used to review risks and IT controls
The review of risks and IT controls should be limited to financially significant systems, applications, or data
IT controls and risks exist at various layers in an IT system (application, database, operating system, and network infrastructure)
IT processes should be mitigated by IT control objectives, not individual controls

Graph View

Backlinks

Sarbanes–Oxley Act (SOX)

Created with Quartz v4.5.2 © 2026

CC BY-NC-SA
adamfurman.me