As big data systems require vast amounts of data for analysis, audit programs should include test
                   steps to ensure the quality, security, and privacy of the data used for analysis, as well as analytic
                   outputs. Because big data consumes data from many disparate sources to  provide  a more
                   complete view of a subject, audit programs should provide reasonable assurance that the data is
                   safe from unauthorized modification  and  can only be viewed by authorized individuals. Audit
                   programs should also test the controls over the quality of data input into the system as well as the
                   quality of output and reporting from the system; these efforts may include providing substantive
                   test coverage over the quality of key system data and reporting.

                   Appendix D provides a sample work program to help internal auditors jumpstart a review of big
                   data in their organization.  Note that  the  list of review activities provided in the sample  work
                   program is not comprehensive, as work programs must be customized to meet the specific needs
                   of each organization.
                   Big data systems and reference materials are changing frequently. Therefore, internal audit should
                   remain focused on using the most appropriate guidance when developing and executing audit
                   plans and coverage models of big data within their organizations.




















































                   21 — theiia.org