by Maria E. Heyaca
While the adoption of IT audit practices has increased in recent years, it is still an area where many organizations continue to fall short. Despite the rise in prevalence of technology and the associated risks in terms of security and privacy, some organizations may not be prioritising systems auditing as much as they should.
From artificial intelligence to cloud computing, IoT, and blockchain, new technologies are shifting the strategic importance of IT auditing for all types of industries. This is true for corporations and institutions, and perhaps even more so for small and medium-sized businesses, where security concerns are lower on the priority list and IT audits are less common.
For instance, the rapid development of cost-effective and flexible AI or automation tools is a wonderful advancement for companies seeking to digitalize and increase their productivity. However, the multiplication of external solutions can also significantly increase third-party risk, the complexity of auditing and the need for adequate security and privacy controls. For governments, the growth of decentralised solutions or the use of algorithms in decision-making also means having to develop new frameworks to assess their security, stability and integrity. Together with subject matter specialists, experienced IT auditors are ideally suited to assist with these tasks.
“Organizations worldwide are focused on transformation. Some, in fact, can find themselves in a determined rush to automate, become more digital and bring in the latest advanced technologies. It is in these instances where IT audit can deliver value by providing a clear point of view on the underlying processes strategic technology projects are serving”
Andrew Struthers-Kennedy, Managing Director — Global Leader, IT Audit, Protiviti
At the same time, the traditional role of IT auditing, focused primarily on compliance and risk management, is evolving to meet the dynamic challenges posed by technological advancements. Specialisations (AI/algorithm auditing, cloud auditing, etc.) are growing, as are the expectations that general IT auditors and internal auditors have a clear understanding of how new technologies and tools integrate with the organisation's processes and systems. In general, IT is transforming the conventional audit approach to favour more integrated audits that take into account the relationship between IT, financial and operational controls.
Additionally, the practice of IT auditing is shifting from reactive to proactive risk management, with IT auditors becoming strategic advisors in tool development and the design of on-board controls – sometimes a delicate balancing act with the audit function's sacrosanct independence. Expectations regarding assessment of the ethical use of technology are also starting to appear.
Controls and risk management are an integral element of a digital transformation strategy, as with any transformation. In the context of technology, IT auditing is key for risk mitigation, and can be a powerful ally to build more efficient, resilient and secure businesses.
Undoubtedly, the fact that IT auditors are one of the most sought-after profiles among recruiters ("the looming shortage of IT auditors" as reported by Gartner) indicates that organisations are making use of their services. Yet, IT audit remains frequently an afterthought in many digital transformation conversations. Companies and organisations should think about elevating the strategic relevance of IT auditing and add focus to training internal auditors, recruiting IT auditors, and/or contracting such expertise. It can be key in helping safeguard your digital transformation.
Comments