New ISACA Publications Highlight Machine Learning Technology and Compliance Risk for Auditors

Audit Practitioner’s Guide to Machine Learning, Part 1
Author: ISACA
Date Published: 24 October 2022

Schaumburg, IL, USA — The increased use of machine learning (ML) worldwide has created a greater need for IT auditors to understand the technology. ISACA's new white paper series, Audit Practitioner's Guide to Machine Learning, Part 1: Technology and Audit Practitioner's Guide to Machine Learning, Part 2: Compliance Risk, provides auditors with guidelines on the opportunities, risks and compliance requirements associated with the technology.

Through these resources, auditors can better understand the complex and sometimes challenging process involved with building machine learning applications, as well as related considerations involving the data pipeline and software development lifecycle.

The Part 1 paper outlines the roadmap that ML application follows, as well as the related key risk factors that auditors should investigate, including:

  • Data governance
  • Data engineering
  • Feature engineering
  • Model training
  • Model evaluation
  • Model deployment/prediction

Part 2 explores the key laws, regulations and industry standards involved in data compliance for ML auditing, including:

  • Lawfulness, fairness and transparency of personal data used in ML
  • Data minimization and data security
  • Accountability and governance
  • Consumer’s Right to Know

“Having a solid background in machine learning allows auditors to better comprehend the development cycle from technical as well as business perspectives,” says Robin Lyons, Principal, IT Audit Professional Practices at ISACA. “This enables IT auditors to evaluate ML risk exposures and provides management with direction for actionable procedures to mitigate risk and support compliance.”

To download complimentary copies of both parts 1 and 2 of the Audit Practitioner's Guide to Machine Learning, visit and Additional resources from ISACA around IT audit can be found at


ISACA® ( is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its more than 165,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through its foundation One In Tech, ISACA supports IT education and career pathways for underresourced and underrepresented populations.


Media Contacts

Emily Ayala, +1.847.385.7217,
Kristen Kessinger, +1.847.660.5512,