A 25‐year retrospective on the IIA’s SAC projects

In 2002, The Institute of Internal Auditors (IIA) observed the 25th anniversary of the publication of its first Systems, Auditability, & Control (SAC) study. This paper reviews the development of the SAC projects and their impact on Information Systems (IS) auditing in particular. Three different research methodologies were used for collecting the data for this research. First, a rigorous literature review was conducted. Second, an oral‐history methodology was used to collect data via interviews. Third, notes and minutes from many early committee meetings of IIA, including the SAC Committee, were studied. The early years (1954‐1977) saw a dearth of related literature. Thus individual accountants and auditors found it difficult to acquire or gather information on emerging issues. The Systems, Auditability, & Control (SAC) study published in 1977 was one of the major attempts to codify IS auditing knowledge. This study has been followed up by three other SAC projects in 1991, 1994, and 2001. These SAC projects have provided some of the best guidance for IS auditors over these last 25 years. From the beginning of IS auditing, there has been a continued acceleration of technology. In particular, the audit process has been impacted by the proliferation of microcomputers.