Table of contents:
Introduction
Key questions to reorient internal audit
Information technology in internal audit: applying for adaptation and innovation
Introduction
The strong development of digital and mobile technology revolutions has significantly impacted and changed the structure of various types of businesses, business models, processes, etc. The emergence of e-commerce, mobile applications, sophisticated ERP systems, blockchain solutions, cloud computing, business process automation through robots (RPA), machine learning (ML), and artificial intelligence (AI) has introduced new dimensions to enterprises. The internal audit function needs to self-orient to meet the requirements of this digital age and enhance its own approach and methodologies to align with efficiency and effectiveness.
Key questions to reorient internal audit
Has the internal audit plan identified key IT risks that have a direct and significant impact on the organization?
Is IT auditing included in the internal audit plan?
Have opportunities to replace manual controls with enhanced automated controls been identified?
Have areas within the internal audit plan been identified where advanced technology tools can be used to audit large data sets when traditional audit approaches are ineffective and unable to process all the information?
Have risks related to business, finance, legal, and reputational issues regarding data breaches or cyber fraud been assessed?
Are there effective control and audit mechanisms in place to counter similar issues?
Have existing data privacy regulations been clearly identified, and necessary mechanisms established to ensure compliance with such regulations?
Have areas within your audit plan been identified where technology can be used to evaluate the effectiveness of control measures against significant risks?
Does the internal audit team possess sufficient IT competency to assess the effectiveness of control measures?
Is there a program/framework in place to ensure continuous verification of the above aspects?
Information technology and changing dynamics on internal audit
Internal auditing is designed to assess the effectiveness of an organization's controls by gathering information about how a control entity operates, identifying potential points of error or inefficiency, and then determining measures designed to prevent or detect such instances. Subsequently, the application and enforcement of these controls are examined to assess how well they function. Managers must regularly evaluate the control measures within their organization's operations.
Information technology platforms within businesses can provide most of the information and data needed for auditing, but this data is often extensive and cannot be processed using traditional audit methods. To conduct effective internal audits, auditors must use information technology as a necessary auditing tool to handle vast amounts of information and big data.
Another crucial role of information technology for internal auditors is in the management of audit tasks. Automation tools enable auditors to increase personal and team productivity efficiently. Both auditors themselves and the internal audit department must recognize the importance of information technology and continuously innovate to apply these technologies to their work processes.
Key aspects of IT impacting internal audit activities
Information Security
Continuous Business Process Management
Mobile Security
Cloud Security
Social Media Risk Management
Separation of Duties and Identity Access Management (SoD & IAM)
Data Loss Prevention (DLP) and Privacy
Digital Language
Blockchain
Automation
Comments