top of page

Technology impact and changing dynamics of Internal Audit

The Digital and Mobility revolution has improved, impacted as well as disrupted businesses, business models, processes, etc. The emergence of as e-commerce, mobile applications, sophisticated ERPs, block chain solutions, cloud computing, robotic Business Process Automation (RPA), Internet of Things (IoT), Machine Learning (ML) and Artificial Intelligence (AI) have added new dimensions to businesses. The internal audit function needs to re-orient itself to meet the requirements in this Digital Era as well as improve its own approach and methodology to be relevant and effective.

Some of the key questions around Information Technology (IT) risk management and Internal Audit

  • Does your audit plan identify key IT risks that have a direct significant impact on the organisation?

  • Is IT audit part of your internal audit plan?

  • Have you identified opportunities to reduce manual controls by increasing automated controls?

  • Have you identified areas in your internal audit plan where data analytics can be used for the audit of a complete or larger set of data set rather than a sample-based approach?

  • Have you assessed the business, financial, legal and reputational risks associated with data leakage or cyber frauds? Have you effective control and audit mechanisms in place to counter the same?

  • Have you identified areas in your audit plan where technology can be used to evaluate the effectiveness of controls against the key risks?

  • Does your Internal Audit team have sufficient IT competencies to evaluate the effectiveness of controls?

  • Do you have a program/framework established to ensure the above aspects are verified on a continual basis?

Information Technology in Internal Audit - A key differentiator

Internal audits are designed to evaluate the effectiveness of organisation’s internal controls by first gathering information about how a unit operates, identifying points at which errors or inefficiencies are possible and identifying system controls designed to prevent or detect such occurrences. Then, the application and performance of those controls are tested to assess how well they work. Managers ought to routinely evaluate controls in their department's operations by following the same process.

IT provides most of the information needed for auditing. In order to be effective, auditors must use IT as an auditing tool, audit automated systems and data, to understand the business purposes for the systems, and understand the environment in which the systems operate.

The other important uses of IT by auditors are in audit administration. By seeking new use for computers and communications, auditors improve their ability to review systems and information and manage their activities more effectively. Automated tools allow auditors to increase individual productivity and that of the audit function. By recognising the importance of emerging environment and requirements to perform audit tasks effectively, auditors must recognise the key reasons to use audit tools and software. Some of the examples below demonstrate the need for an effective Internal Audit function leveraging technology platforms.

Key IT considerations for Internal Audit

  • Information Security

  • Business Continuity Management

  • Mobile Security

  • Cloud Security

  • Social Media Risk Management

  • Segregation of Duties & Identity Access Management (SoD& IAM)

  • Data Loss Prevention (DLP) and Privacy

  • Machine Learning

  • Blockchain

  • Robotics Process Automation



Bạn mong muốn nhận được tư vấn của đội ngũ chuyên gia RSM Việt Nam, vui lòng gửi câu hỏi tại đây

You have successfully submitted your registration information. Thank you.

bottom of page