
IT Essentials — Assessing Infrastructure and Networks

            intricacies. Many of these controls are the domain of specialists who manage specific risks
            associated with individual components of the systems and network infrastructure.

            Internal auditors are not expected to have the same knowledge or skill sets as an IT professional.
            However, internal auditors are expected to conform with the Competency principle of The IIA’s Code
            of Ethics, as well as multiple IIA Standards, specifically Standard 1200 – Proficiency and Due
            Professional Care, which states, “Engagements must be performed with proficiency and due
            professional care,” and Standard 1210 – Proficiency, which states, “Internal auditors must possess
            the knowledge, skills, and other competencies needed to perform their individual responsibilities.
            The internal audit activity collectively must possess or obtain and apply the knowledge, skills, and
            other competencies needed to perform its responsibilities.” Internal auditors should have sufficient
            knowledge of key IT risks and controls and available technology-based audit techniques to perform
            their assigned work.

            IIA Standards

            IIA Standard 1200
            IIA Standard 1200: Proficiency and Due Professional Care, states, “Engagements must be performed
            with proficiency and due professional care,” and IIA Standard 1210: Proficiency, states, “Internal
            auditors must possess the knowledge, skills, and other competencies needed to perform their
            individual responsibilities. The internal audit activity collectively must possess or obtain and apply
            the knowledge, skills, and other competencies needed to perform its responsibilities.” Internal
            auditors should have sufficient knowledge of key IT risks and controls and available
            technology-based audit techniques to perform their assigned work.

            IIA Standard 2230
            When assigning auditors to an engagement that may require specific skills and abilities, such as an
            audit with IT components, according to IIA Standard 2230: Engagement Resource Allocation,
            “Internal auditors must determine appropriate and sufficient resources to achieve engagement
            objectives based on an evaluation of the nature and complexity of each engagement, time
            constraints, and available resources.” The interpretation of this standard states, “Appropriate refers
            to the mix of knowledge, skills, and other competencies needed to perform the engagement.”
            Strengthening general IT knowledge will assist the internal audit activity and individual internal
            auditor in obtaining the skill sets required to perform IT-related audits.

            IIA Standard 2340
            If an internal audit activity lacks personnel with the skills necessary to perform an audit that
            encompasses aspects of the IT environment, it may choose to outsource or cosource engagements.
            In doing so, the internal audit activity retains responsibility for the audit as a whole. IIA Standard
            2340: Engagement Supervision states, “Engagements must be properly supervised to ensure
            objectives are achieved, quality is assured, and staff is developed.”

            Business Risks, IT Controls, Skills, and Competencies




            Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.