IT Essentials — Introduction to IT
Understanding basic IT terminology and having a general understanding of information technology
is essential due to businesses' reliance on technology. There is a trend to move from sampling to
population testing and with that comes the necessity of having a general understanding of data
analytics.
With the explosion of cloud computing alternatives that have been fueled by the COVID-19
pandemic, all internal auditors need basic knowledge of information security risks and controls as
well as general knowledge regarding the potential impact that cyber exploits can have on data
privacy regulations.
Obtaining this understanding of information technology starts by gaining awareness of IT Control
Frameworks, most notably ISO27xxx, The Committee of Sponsoring Organizations of the Treadway
Commission’s (COSO’s) Internal Control-Integrated Framework (2013), Center of Internet Security
(CIS), Cloud Security Alliance (CSA), National Institute of Science and Technology (NIST) 800-53 (and
800-171 for DoD contractors), and ISACA COBIT 19.
Each control framework describes the types of internal controls by category necessary to safeguard
an organization’s data and information assets from risk and create business value.
The primary benefits of adopting one or more frameworks include:
1. Improved consistency and repeatability in control-related processes.
2. Improved internal controls.
3. Enhanced information security.
4. Improved business value through potential cost savings.
5. Improved regulatory compliance.
6. Improved stakeholder confidence.
Components of the COSO Framework
The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal
Control-Integrated Framework (2013) provides thought leadership and guidance on internal
control, enterprise risk management, and fraud deterrence. COSO’s framework facilitates efforts by
organizations to develop cost-effective systems of internal control to achieve important business
objectives and sustain and improve performance. We will examine two of the COSO Framework
principles:
Principle 11: The organization selects and develops general control activities over technology to
support the achievement of objectives.
• Determines dependency between the use of technology in business processes and technology
general controls — Management understands and determines the dependency and linkage
between business processes, automated control activities, and technology general controls.
• Establishes relevant technology infrastructure control activities — Management selects and
develops control activities over the technology infrastructure, which are designed and
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.