New ISACA Publications Highlight Machine Learning Technology and Compliance Risk for Auditors

Schaumburg, IL, USA (Oct. 24, 2022) — The  increased use of machine learning (ML) worldwide  has created a greater need for IT auditors to understand the technology.  ISACA's new white paper series, Audit Practitioner's Guide to Machine  Learning, Part 1: Technology and Audit Practitioner's Guide to Machine  Learning, Part 2: Compliance Risk, provides auditors with  guidelines on the opportunities, risks and compliance requirements associated with  the technology.

Through  these resources, auditors can better understand the complex and sometimes challenging  process involved with building machine learning applications, as well as related  considerations involving the data pipeline and software development lifecycle.

The  Part 1 paper outlines the roadmap that ML application follows, as well as the  related key risk factors that auditors should investigate, including:

- Data governance

- Data engineering

- Feature engineering

- Model training

- Model evaluation

- Model deployment/prediction

Part 2 explores the key laws, regulations and industry  standards involved in data compliance for ML auditing, including:

- Lawfulness, fairness and transparency of personal data used  in ML

- Data minimization and data security

- Accountability and governance

- Consumer’s Right to Know

“Having a solid background in machine learning allows  auditors to better comprehend the development cycle from technical as well as business  perspectives,” says Robin Lyons, Principal, IT Audit Professional Practices at  ISACA. “This enables IT auditors to evaluate ML risk exposures and provides  management with direction for actionable procedures to mitigate risk and support  compliance.”

To download complimentary copies of both  parts 1 and 2 of the Audit Practitioner's Guide to Machine Learning, visit and Additional resources from ISACA around IT audit can be  found at


ISACA® ( is a global community advancing individuals and  organizations in their pursuit of digital trust. For more than 50 years, ISACA  has equipped individuals and enterprises with the knowledge, credentials,  education, training and community to progress their careers, transform their  organizations, and build a more trusted and ethical digital world. ISACA is a  global professional association and learning organization that leverages the  expertise of its more than 165,000 members who work in digital trust fields  such as information security, governance, assurance, risk, privacy and quality.  It has a presence in 188 countries, including 225 chapters worldwide. Through  its foundation One In Tech, ISACA supports IT education and career pathways for  underresourced and underrepresented populations.