Identifying and addressing risk is singularly one of an organization’s
most important duties for its employees, shareholders, suppliers
and customers. Considerations related to information technology are
central to any organization’s effort to ensure that issues are addressed
quickly and thoroughly.
The jagged economic landscape — complicated by advancing technologies,
such as cloud, social media and mobile devices — can challenge the
ability of an IT internal audit to provide comfort to executives already
overwhelmed with rapidly expanding opportunities and pressures
caused by shrinking margins.
Further, considerations around continuity management, information
security, regulatory compliance and the execution of major complex
programs can also muddy the waters, reducing executives’ clarity and
limiting an organization’s ability to address risk and, ultimately, grow.
Regardless of the rigor of a strong risk assessment process, audit
leadership is often left with lingering questions: What did we miss?
What audits best address our risks? How should we answer questions
that might be posed from the audit committee about how we are
addressing a specific risk?
Helping to provide clarity, this thought leadership lists 10 considerations
to consider related to information technology. Knowing these
considerations, sharing and discussing them with clients and mapping
out a strategy to make sure they are addressed is a simple, yet crucial
step toward generating confidence that the IT audit function is doing
its job. Armed with strong data and new technology, and leveraging
leading practices and strong collaboration with the organization’s risk
function, IT internal audit executives can use this list to help enrich
clients’ understanding of the dangers that could imperil their very
survival, and build a strategic plan to address them.