
IT Essentials — Introduction to IT

            Understanding basic IT terminology and having a general understanding of information technology
            is essential due to businesses' reliance on technology. There is a trend to move from sampling to
            population testing and with that comes the necessity of having a general understanding of data
            analytics.



            With the explosion of cloud computing alternatives that have been fueled by the COVID-19
            pandemic, all internal auditors need basic knowledge of information security risks and controls as
            well as general knowledge regarding the potential impact that cyber exploits can have on data
            privacy regulations.



            Obtaining this understanding of information technology starts by gaining awareness of IT Control
            Frameworks, most notably ISO27xxx, the Committee of Sponsoring Organizations of the Treadway
            Commission’s (COSO’s) Internal Control-Integrated Framework (2013), Center for Internet Security
            (CIS), Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST) 800-53 (and
            800-171 for DoD contractors) and ISACA COBIT 19.

            Each control framework describes the types of internal controls by category necessary to safeguard
            an organization’s data and information assets from risk and create business value.
            The primary benefits of adopting one or more frameworks include:
            1.     Improved consistency and repeatability in control-related processes.
            2.     Improved internal controls.
            3.     Enhanced information security.
            4.     Improved business value through potential cost savings.
            5.     Improved regulatory compliance.
            6.     Improved stakeholder confidence.

            Components of the COSO Framework

            The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal
            Control-Integrated Framework (2013) provides thought leadership and guidance on internal
            control, enterprise risk management, and fraud deterrence. COSO’s framework facilitates efforts by
            organizations to develop cost-effective systems of internal control to achieve important business
            objectives and sustain and improve performance. We will examine two of the COSO Framework
            principles:

            Principle 11: The organization selects and develops general control activities over technology to
            support the achievement of objectives.
            •  Determines dependency between the use of technology in business processes and technology
               general controls — Management understands and determines the dependency and linkage
               between business processes, automated control activities, and technology general controls.
            •  Establishes relevant technology infrastructure control activities — Management selects and
               develops control activities over the technology infrastructure, which are designed and

            Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.