The Digital and Mobility revolution has improved, impacted as well as disrupted businesses, business models, processes, etc. The emergence of as e-commerce, mobile applications, sophisticated ERPs, block chain solutions, cloud computing, robotic Business Process Automation (RPA), Internet of Things (IoT), Machine Learning (ML) and Artificial Intelligence (AI) have added new dimensions to businesses. The internal audit function needs to re-orient itself to meet the requirements in this Digital Era as well as improve its own approach and methodology to be relevant and effective.
Some of the key questions around Information Technology (IT) risk management and Internal Audit
Does your audit plan identify key IT risks that have a direct significant impact on the organisation?
Is IT audit part of your internal audit plan?
Have you identified opportunities to reduce manual controls by increasing automated controls?
Have you identified areas in your internal audit plan where data analytics can be used for the audit of a complete or larger set of data set rather than a sample-based approach?
Have you assessed the business, financial, legal and reputational risks associated with data leakage or cyber frauds? Have you effective control and audit mechanisms in place to counter the same?
Have you identified areas in your audit plan where technology can be used to evaluate the effectiveness of controls against the key risks?
Does your Internal Audit team have sufficient IT competencies to evaluate the effectiveness of controls?
Do you have a program/framework established to ensure the above aspects are verified on a continual basis?
Information Technology in Internal Audit - A key differentiator
Internal audits are designed to evaluate the effectiveness of organisations internal controls by first gathering information about how a unit operates, identifying points at which errors or inefficiencies are possible and identifying system controls designed to prevent or detect such occurrences. Then, the application and performance of those controls are tested to assess how well they work. Managers ought to routinely evaluate controls in their department's operations by following the same process.
IT provides most of the information needed for auditing. In order to be effective, auditors must use IT as an auditing tool, audit automated systems and data, to understand the business purposes for the systems, and understand the environment in which the systems operate.
The other important uses of IT by auditors are in audit administration. By seeking new use for computers and communications, auditors improve their ability to review systems and information and manage their activities more effectively. Automated tools allow auditors to increase individual productivity and that of the audit function. By recognising the importance of emerging environment and requirements to perform audit tasks effectively, auditors must recognise the key reasons to use audit tools and software. Some of the examples below demonstrate the need for an effective Internal Audit function leveraging technology platforms.
Key IT considerations for Internal Audit
Information Security
Business Continuity Management
Mobile Security
Cloud Security
Social Media Risk Management
Segregation of Duties & Identity Access Management (SoD& IAM)
Data Loss Prevention (DLP) and Privacy
Machine Learning
Blockchain
Robotics Process Automation