Page 447 - ITGC_Audit Guides
P. 447

policies, processes, and tools to consistently manage the environment and control the risks
                   related to big data, which is essential for adequate protection of the organization’s information.
                   While multiple organizational functions may  own part of the big data strategy, the key to a
                   successful big data audit is to identify a single group of key stakeholders who can provide the
                   necessary information to minimize business disruption and optimize business and audit resources.

                   Engagement Objectives


                   In accordance with Standard 2210  –  Engagement Objectives, internal auditors must establish
                   engagement objectives to address the risks associated with the activity under review. A risk
                   assessment should  be  performed to assist  in defining initial objectives and to identify  other
                   significant areas of concern.

                   The audit objective for a big data audit can be defined in different ways. For example, the objective
                   can be defined  as part of  the annual  audit plan, or as a result of enterprise risk management
                   efforts, past audit findings, regulatory requirements, or specific assurance needs from the board
                   or audit committee.


                   Engagement Scope and Resource Allocation


                   Procedures to be performed and the scope (nature, timing, and extent) of the engagement should
                   be determined after the risks have been identified. According to Standard 2220.A1, “The scope of
                   the engagement must include consideration of relevant systems, records, personnel, and physical
                   properties, including those under the control of third parties.”

                   The audit engagement should encompass strategy and governance (including policies, standards,
                   and procedures), employee awareness, and training. Internal audit must determine the skills
                   necessary to complete the audit engagement and the total number of resources required. The
                   internal audit staff must have the appropriate level of expertise, knowledge, and skills to
                   successfully perform the audit engagement, or external resources with the requisite competencies
                   should be utilized.

                   It may be difficult to audit the entire big data program. Instead, the scope of the audit engagement
                   can be defined by business unit, location, strategic objective, or any other criteria that are
                   meaningful to the organization.

                   Engagement Work Program


                   In accordance  with Standard  2240.A1, “Work programs must  include  the procedures  for
                   identifying, analyzing, evaluating, and documenting information during the engagement.”









                   28 — theiia.org
   442   443   444   445   446   447   448   449   450   451   452