Available since March 3, 2026, From GAGSI to MAGNum: a structural evolution
A shift in gears for digital governance: the MAGNum (Model of Maturity and Audit of Digital Governance) 2026 takes the baton from the Guide to Audit of Information System Governance (GAGSI 2019), greatly extending beyond its initial scope.
Where GAGSI merely identified best practices, MAGNum now measures, in a structured and comparable way, the overall digital maturity level of an organization on a 1 to 5 scale.
From GAGSI to MAGNum: a structural evolution
The MAGNum (Model of Maturity and Audit of Digital Governance) is the result of collaborative work led by around sixty experts from the three associations (auditors, CIOs, IT systems architects, consultants) gathered in thematic workshops covering strategy, architecture, data, risks, AI, cybersecurity, CSR, and project management.
This upscaling of ambition is accompanied by a thematic overhaul to incorporate issues that have become unavoidable since the last edition: artificial intelligence, CSR, strengthened cybersecurity, regulatory compliance, and organizational agility.
“The collaboration carried out in 2022-2023, which clarified the evolutions of digital governance, convinced us of the necessity to update the 2019 edition. By integrating the maturity measurement framework developed by ISACA France, we coherently bridged the audit exercise and the maturity assessment,” explains Véronique Beaupère, strategic advisor for information systems and administrator of ISACA France, who co-led the work.
13 governance vectors to cover the entire digital landscape
The model centers on 13 key vectors: Strategy, Innovation, Risks & Compliance, CSR, Data & AI, Architecture, Project Portfolio, Projects, Human Resources, Vendors & Suppliers, Services, Budget & Performance, and Marketing & Communications. For each, the MAGNum presents the issues and threats, and describes best practices translated into evaluation criteria.
The model stands out by the addition of a 13th vector dedicated to CSR, as well as by the systematic integration of AI into all vectors, particularly the data vector. For each of the 13 key vectors the MAGNum presents the issues and threats, and describes best practices translated into evaluation criteria.
The tool includes a maturity grid accompanied by a visual radar chart, enabling action prioritization, progress measurement over time, and the ability to compare different entities (companies, subsidiaries, business units). The associated Excel file allows rating the level of compliance with the requirements, automatically calculating maturity by vector, and generating this radar for management.
A common language between the CEO, IT leadership, business functions and auditors
One of the explicit goals of MAGNum is to reconcile groups that often do not speak the same language. By offering a shared vocabulary among decision-makers (CEO, CIO, business unit leaders), auditors, and operational staff, the model aims to align digital governance with business strategy.
For Djilali Kies, project lead for the Cigref, “our three associations, each pursuing parallel work, have become convinced that mastering digital governance is no longer negotiable for companies; it has become imperative. We have therefore decided to pool our efforts, with the aim of going beyond the audit guide and producing this time a maturity manual, a repository of best practices, a tool that already integrates all the evolutions we know to date in the digital realm.”
On the side of internal auditors, Guillaume Cuisset, partner at KPMG and member of the IFACI Professional Group “Information Systems,” highlights the concrete benefit for their practice: “Mastering digital governance questions has become a very important issue for an internal audit department. This new maturity model allows the internal auditor to better understand how the IT department operates, identify root causes of dysfunction and formulate more targeted recommendations. It’s a tool that will enable him to discuss, using the same vocabulary, with his CIO, his digital director, while relying on a repository of best practices shared by both professions, since it has been built collegially among our three associations.”
A tool designed for field teams
MAGNum rests on three founding principles: the pragmatism (criteria drawn from field feedback from contributors), readability (vocabulary accessible to IT, business units, and support functions), and ease of use (tools that are simple, even for non-specialists).
Ultimately, the model positions itself as both a tool for steering digital transformation, a means to objectify investment priorities, a common framework for dialogue among CEO, business units, CIO, compliance and audit, and a way to regularly self-assess the governance of digital activities.
The MAGNum 2026 is available for free download (French version) in the ISACA France member area: https://engage.isaca.org/parischapter/espacemembres/publications/publications343
*The 13 key vectors are: Strategy, Innovation, Risks & Compliance, CSR, Data & AI, Architecture, Project Portfolio, Projects, Human Resources, Vendors & Suppliers, Services, Budget & Performance, and Marketing & Communications.
