Page 50 - ITGC_Audit Guides
P. 50

Additional and Emerging IT Topics









                   This section will discuss some additional fundamental and emerging IT topics at a high
                   level. It is important to understand that these additional topics are dynamic, not static, and the list
                   is not exhaustive. The topics covered in the previous sections were once considered as emerging
                   IT topics and have over time become ubiquitous and essential to organizations. The same applies
                   to the several topics in this section; they may one day become commonplace processes for all
                   organizations.
                   As new IT topics surface and existing topics evolve, keeping informed and applying professional
                   skepticism remains crucial for internal auditors who strive to stay relevant and in conformance
                   with The IIA’s International Standards for the Professional Practice of Internal Auditing.

                   Data Management

                   In many organizations, applications are developed or obtained/used in silos, and it can be difficult
                   to verify the integrity of data used and produced by the applications. Data integrity relies on many
                   variables, such as the source(s) of data input into the application, the logic used by the
                   application to produce the data, and the accuracy of the data produced by the application.
                   One reason data quality may be insufficient is that organizations often gather or acquire data from
                   various sources. As this data is input to an organization’s various applications over time, due to
                   the sheer volume, the quality can deteriorate. In addition, if the format of data collected is different
                   for each collection method, the resulting data may be compromised. It is important to have front-
                   end controls to ensure uniform formatting.

                   Examples of data input issues include:

                      Data entry mistakes.
                      Data inaccurately stored within applications.
                      Data formatting is incorrect.

                   Once applications (which may have been developed in silos) are incorporated in key business
                   processes, users become dependent on these applications and data, even though in some
                   cases, this data may not be reliable.

                   The potential poor quality, lack of integrity, and inability for organizations to rely on their data may
                   cost millions of dollars. Recent estimates indicate an average organization may suffer losses of












                   42 — theiia.org
   45   46   47   48   49   50   51   52   53   54   55