Automated tools may be used in IT processes to help the entity's IT personnel perform various tasks, from programming to monitoring the IT environment.
Automated tools are relevant to the audit when they automate functions that address the risks of using IT in the IT processes. We may also use output from the entity’s monitoring tools either in support of controls we are testing or in our substantive procedures.
In these situations, we perform audit procedures to address the manage change, manage access or manage IT operations risks associated with using the tools. These risks are different from that of an IT application in that the risks with the use of these tools is greatest in their configurations and who has access to change their configurations rather than in changes to their programmed functioning.