ISACA issues guide on monitoring internal control security

The guide - Monitoring Internal Control Systems and IT - falls into the regulatory and compliance aspect of IT security, an area that, until recently, was on something of a back burner in most organisations.

Recent changes in regulatory requirements have changed this, however, bringing the need to monitor internal controls to the top of the boardroom agenda.

According to ISACA, having controls in place is a basic business requirement, but it is no longer enough. Controls break down over time, says the association, as they do not always operate as designed, and often fail to keep up with businesses as they – and their operations and strategies – change over time.

The security association says that monitoring these internal controls allows management to be alerted quickly about factors that can have significant effects on their businesses.

The aim of the guide, the association adds, is to provide practical guidance on how to monitor IT controls and how to apply IT to support, as well as sustain, monitoring activities.

The guide, which is free for ISACA members and $50 for non-members, is also billed as examining continuous monitoring and how it can lead to quicker detection of control failures, resulting in saved time and expense.

According to Ken Vander Wal, the chair of the guide's development team, the publication offers case studies and examples to clearly illustrate how an enterprise can implement automated IT monitoring activities to address their business problems.

"In addition to improving compliance and reducing costs, continuous monitoring can also be used to help prevent fraud", he said, adding that, with organisations clearly demonstrating an increased focus on the monitoring of controls, they reduce the opportunity for illegal or unethical activities.
