Page 37 - Courses
P. 37

IT Essentials — Introduction to IT

               implemented to help ensure the completeness, accuracy, and availability of technology
               processing.
            •  Establishes relevant security management process control activities — Management selects and
               develops control activities that are designed and implemented to restrict technology access
               rights to authorized users, commensurate with their job responsibilities and to protect the
               entity’s assets from external threats.
            •  Establishes relevant technology acquisition, development, and maintenance process control
               activities — Management selects and develops control activities over the acquisition,
               development, and maintenance of technology and its infrastructure to achieve management’s
               objectives.

            Principle 9: The organization identifies and assesses changes that could significantly impact the
            system of internal control. Assesses changes in the external environment — The risk identification
            process considers changes to the regulatory, economic, and physical environment in which the
            entity operates.
            •  Assesses changes in the business model — The organization considers the potential impacts of:
                   o  Developing new business lines.
                   o  Dramatically altering compositions of existing business lines.
                   o  Reacting to changes in the system of internal control after acquisition or divesture of
                       business operations.
                   o  Reacting to rapid growth.
                   o  Changing reliance on foreign geographies.
                   o  Developing new technologies.
            •  Assesses changes in leadership — The organization considers changes in management and
               respective attitudes and philosophies on the system of internal control.

            The COSO framework also supports organizations as they adapt to the increasing complexity and
            pace of a changing business environment, manage risks to acceptable levels, and improve the
            reliability of information for decision-making.
            The IIA’s Code of Ethics and Standards

            IT competency also is addressed in The IIA’s Code of Ethics and the International Standards for the
            Professional Practice of Internal Auditing (Standards). The Competency principle of the Code of
            Ethics states: “Internal auditors must apply the knowledge, skills, and experience needed in the
            performance of internal audit services.” The Competency rules of conduct, which describe behavior
            norms expected of internal auditors state that internal auditors:
            •  4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and
               experience.
            •  4.2. Shall perform internal audit services in accordance with the International Standards for the
               Professional Practice of Internal Auditing.
            •  4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.

            Necessary Skill Set for IT Environments



            Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
   32   33   34   35   36   37   38   39   40   41   42