In a groundbreaking move for the accounting profession, the Institute of Chartered Accountants of India (ICAI) has unveiled comprehensive Information Systems Audit Standards, positioning itself as the world’s first accounting body to establish such an extensive framework. Set to take effect from February 2026, these standards mark a new era in digital auditing amid the rapid digitization of financial processes.
ICAI is rolling out 11 dedicated audit standards alongside three overarching guidance documents. Initially recommendatory for the first six months, they will become mandatory for all CA members thereafter. This initiative addresses the inconsistencies in IT audits that have plagued the industry, standardizing practices across assurance, agreed-upon procedures, and advisory services.
ICAI President Prasanna Kumar D emphasized that these standards integrate cyber security and digital data protection with unprecedented clarity. ‘Audits will no longer be confined to financial statements,’ he stated. ‘They will rigorously evaluate IT system resilience, data safeguards, and cyber threat defenses, which are critical as ERP systems, cloud computing, and automation dominate financial data generation.’
Built on four core pillars—governance, risk, controls, and compliance—the framework introduces formal principles for IT audit engagements. For the first time, specific standards target IT governance, risk management, internal controls, cyber security, and digital data protection. This aligns with international assurance frameworks and global IT governance best practices, elevating Information Systems Audit to a formal, world-class assurance discipline.
The move promises more relevant, actionable audit reports that empower better decision-making. By pioneering cyber security-focused audit standards, ICAI is setting a global benchmark for digital assurance in the accounting profession, ensuring Indian CAs lead in safeguarding the digital economy.