Page 55 - ITGC_Audit Guides
P. 55

and early involvement in their implementation is imperative. This could identify potential risks that
                   may occur and better equip the organization to address them. Numerous risks must be
                   considered including operational, compliance, and reporting. Other challenges and risks may
                   include but are not limited to:

                      Lack of understanding the technology/concept/tool.
                      Lack of understand changes in the process associated with the technology/concept/tool.

                      Insufficient planning for implementation, maintenance, or changes to the technology/-
                       concept/tool.

                      Lack of inclusion of the new technology/concept/tool in the risk assessment.
                   What is audited typically does not change with new technology, tools, automation, etc.; rather,
                   how the audit is performed based on the change in inherent and residual risk must be considered.
                   For example, IT general controls (e.g., access, change, backups) still exist, so existing control
                   frameworks are all still applicable (e.g. Center of Internet Security [CIS], Cloud Security Alliance
                   [CSA], or NIST 800-53). Audits of emerging areas still face operational risks, reporting risks, as
                   well as compliance risks. A holistic view on risks is fundamental.

                   In addition to understanding technologies an organization is using, internal audit may leverage
                   some emerging technologies for their own uses (e.g. using data analytics or RPA to assist in their
                   sampling process, or to implement continuous auditing).

                   Conclusion


                   Technology drives every organization in today’s world. Internal auditors will need more tools,
                   talents, and skills than ever before to remain relevant, to continue providing assurance to their
                   organizations that systems are running as they should and controls are in place. The
                   fundamentals of internal auditing ― risk-based assessments, planning, communicating, and
                   continual learning ― are as important as ever.

                   Internal auditors should remain agile and ready for changes in business models as organizations
                   adopt advances in technology. They should be nimble enough to grow along with the organization
                   and foster good working relationships with their fellow business units and departments to be
                   progressive in partnering to face challenges that lie ahead. To remain relevant, to add value, and
                   to offer protection to their organizations, it will be crucial for internal audit to keep up with change.
























                   47 — theiia.org
   50   51   52   53   54   55   56   57   58   59   60