Page 9 - ITGC_Audit Guides
P. 9

Executive Summary









                   In today’s world, technology is an integral part of
                   every organization and underpins almost every piece   Note
                   of data, every transaction or calculation, and every   The cover, logo, and references in
                   process or business activity. Internal auditors need a   this guide have been updated. The
                   basic understanding of underlying information         content has not changed.
                   technology (IT) concepts and operations. Without
                   this, internal auditors may not fully comprehend IT
                   objectives and the associated risks, and may lack the ability to assess or audit the design or
                   effectiveness of controls related to those risks.
                   This guidance introduces the basic IT competencies and understanding needed by any internal
                   auditor and more fully provides discussions and overviews of IT operations, strategies, and the
                   underlying technologies themselves. It does not go into details on information technology controls
                   or how to audit IT; these are covered in other IIA guidance. Rather, it covers essential IT-related
                   activities and concepts that all internal auditors should know.

                   Overviews are provided on IT governance, the relationship between IT and the business, and
                   how IT creates value through ongoing operations, project delivery, system development, and
                   support, and its monitoring of quality and service delivery levels. This guide also covers the basic
                   understanding needed for three critical IT technical domains — infrastructure, network, and
                   applications — along with a high-level review of applicable challenges and risks in those areas.

                   Another purpose of this guide is to introduce content from The IIA’s IT Competencies Framework
                   (Figure 1), and to align to the IT aspects covered in The IIA’s Certified Internal Auditor (CIA)
                   exam, which tests the basic level of IT understanding internal auditors need.

                   The guide also explores some emerging IT trends and topics. New risks and continued changes
                   of the IT landscape are part of IT’s inherent, evolving nature. As noted, specific IT audit activities,
                   IT-related general and application controls, and more advanced topics on IT risks, controls, and
                   audit techniques are covered in other guidance from The IIA, which can also supplement the
                   study of IT when preparing for the CIA exam or for other general knowledge of IT.














                   1 — theiia.org
   4   5   6   7   8   9   10   11   12   13   14