Page 37 - Courses
P. 37
IT Essentials — Introduction to IT
implemented to help ensure the completeness, accuracy, and availability of technology
processing.
• Establishes relevant security management process control activities — Management selects and
develops control activities that are designed and implemented to restrict technology access
rights to authorized users, commensurate with their job responsibilities and to protect the
entity’s assets from external threats.
• Establishes relevant technology acquisition, development, and maintenance process control
activities — Management selects and develops control activities over the acquisition,
development, and maintenance of technology and its infrastructure to achieve management’s
objectives.
Principle 9: The organization identifies and assesses changes that could significantly impact the
system of internal control. Assesses changes in the external environment — The risk identification
process considers changes to the regulatory, economic, and physical environment in which the
entity operates.
• Assesses changes in the business model — The organization considers the potential impacts of:
o Developing new business lines.
o Dramatically altering compositions of existing business lines.
o Reacting to changes in the system of internal control after acquisition or divesture of
business operations.
o Reacting to rapid growth.
o Changing reliance on foreign geographies.
o Developing new technologies.
• Assesses changes in leadership — The organization considers changes in management and
respective attitudes and philosophies on the system of internal control.
The COSO framework also supports organizations as they adapt to the increasing complexity and
pace of a changing business environment, manage risks to acceptable levels, and improve the
reliability of information for decision-making.
The IIA’s Code of Ethics and Standards
IT competency also is addressed in The IIA’s Code of Ethics and the International Standards for the
Professional Practice of Internal Auditing (Standards). The Competency principle of the Code of
Ethics states: “Internal auditors must apply the knowledge, skills, and experience needed in the
performance of internal audit services.” The Competency rules of conduct, which describe behavior
norms expected of internal auditors state that internal auditors:
• 4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and
experience.
• 4.2. Shall perform internal audit services in accordance with the International Standards for the
Professional Practice of Internal Auditing.
• 4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.
Necessary Skill Set for IT Environments
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.