
IT AUDIT: From Theory To Practice

The document discusses how internal audit functions should adapt to the new normal brought about by COVID-19. It focuses on how IT audit resources and planning have been impacted. Key points include: the top concerns for internal audit are now cybersecurity, IT, and third party relationships due to digital transformation during the pandemic; internal auditors now require new remote auditing skills; and when planning IT audits, a focus on cybersecurity, user access controls, and data privacy is suggested. Flexibility and collaboration are also emphasized when developing the annual IT audit plan.

Uploaded by Quang Nguyen

Internal Audit Community of Practice (IACOP)

IT AUDIT: From Theory to Practice


WEBINAR

IT Audit Resources and Planning

Professor Frank Yam


Chairman & CEO – Focus Strategic Group Inc
November 23, 2020
Content

• Embracing the New Normal
• COVID-19
• Impact to Internal Audit Functions
• Everything Digified
• IT Audit Resources
• IT Audit Planning

THE NEW NORMAL
Post COVID-19

Country Population Confirmed/1M Deaths/1M Confirmed/1M Deaths/1M
Albania 2,876,641 8,969 205
Armenia 2,965,275 37,281 552
Azerbaijan 10,172,439 6,743 87
Belarus 9,448,180 11,574 108
Bosnia and Herzegovina 3,273,270 20,336 520
Bulgaria 6,929,071 12,601 274
Croatia 4,095,903 17,784 218
Czechia 10,716,269 40,948 520
Georgia 3,986,347 16,697 142
Hungary 9,651,311 12,730 279
Kazakhstan 18,858,176 6,283 101
Kosovo 1,810,366 13,934 421
Kyrgyzstan 6,563,032 9,806 181
Moldova 4,030,509 21,016 484
Montenegro 628,095 39,588 567
North Macedonia 2,083,343 20,419 582
Romania 19,190,198 16,889 437
Russia 145,957,452 12,586 216
Serbia 8,724,381 8,072 107
Tajikistan 9,614,381 1,192 9
Turkey 84,668,717 4,749 132
Ukraine 43,636,591 11,225 205
Uzbekistan 33,644,633 2,061 18
AVERAGE 19,283,677 15,369 277

THE NEW NORMAL
COVID-19’s Impact to Internal Audit Functions

Top concerns, but under-represented in annual audit plans:

1) Cybersecurity
• Organizations have allowed staff to work from anywhere, placing reliance on processes and controls over cyber risks that may not be adequately assessed.

2) Information Technology
• Almost 60% have added new technology and data security

3) Third-party Relationships
• Less than half (48%) have devoted IA resources to cover third-party relationships

BUT IT IS NOT JUST ABOUT COVID-19


THE NEW NORMAL
Everything Digified

For Organisations:
• Staff work from anywhere
• Flexible working hours
• Staggering Schedules
• Provide PPE to staff (and even customers & guests)
• Priority on (1) Keeping everyone safe, and (2) CEM and BCP
• New strategies and initiatives (including technology-related)
• Potential layoffs

For Internal Auditors:
• Remote Auditing (teleconferencing, screen sharing, video conferencing, file sharing)
• Change in skills required as a result of digital transformation
• Unemployment and economic downturn will increase fraud risks (hence, audit focus needs to change)

IT Audit Resources
Who should we be looking for?

The KEY to success = building teams that can thrive in a future that can’t be predicted

So Keep Empowering Yourself!


Source: Video “What skills will an Auditor in the Future need?” (CA - A/NZ)

IT Audit Resources
Who should we be looking for?

• AI
• Machine Learning
• Big Data
• RPA
• Blockchain
• DevSecOps
• Agile / SCRUM
• Digital Transformation
• Ecosystem
• UI / UX
• Design Thinking
• Cloud computing
• SaaS, IaaS, PaaS
• VPN
• API
• SDK
• Quantum Computing
• Nanotechnology
• Disruptive Technologies
• SOC
• Zoom
• Webex (Cisco)
• Teams (MS)
• Meet (Google)
• KOL
• IoT
• VR / AR
• 5G
• FinTech, RegTech, EdTech, HealthTech
• Cryptocurrency
• e-Wallets
• e-Payments
• QR codes
• Drones
• Chatbots
• 3D printing
• Wearables
• Gig economy
• Smart City / Government
• Millennial

Someone who can understand the Business and IT Alignment Challenges

IT Audit Resources
Who?

In-house Auditors
• Urgent need to up-skill and re-skill
• Consider Secondments
• Sharing Best Practices

Collaboration
• Compliance
• Internal Control
• Risk Management
• Security
• Privacy
• Fraud Investigation
• External Audit

Co-Sourcing
• Technical Areas
• Periodic, As Needed
• Knowledge Transfer

IT Audit Resources
How?

[Diagram labels: Auditor Management; RPA / CAATs; Client Management; Portfolio Management; Project Management; Risk Management; Workpaper Management; (and Planning)]

IT Audit Planning

Source: ISACA Journal – 2019 May 1 – “Developing the IT Audit Plan Using COBIT 2019”

IT Audit Planning
Annual Planning

• Consider adopting an Agile Portfolio Management approach
• Embrace short-term prioritisation
• Regular review/updates to the audit plan (to mirror the changing pace of risk and assurance needs)
• Allow for increased flexibility in the audit plan:
  • Try to assist in new projects / initiatives
  • This is the best time to build rapport, and to demonstrate IA’s value
• Collaborate with key stakeholders (including the AC) to understand any new and/or elevated risks, and to assess how best to support with the provision of assurance
• Increasing the number of progress meetings held with key stakeholders across the business. Where possible use video calls to build rapport and establish trust.

IT Audit Planning
Annual Planning – Suggested Focus Areas

(1) Cybersecurity (Ransomware, Cyber Extortion)
• User Access Controls
• Data backup and recovery
• Regulatory Requirements on Data Privacy (GDPR, etc.)

Ransomware – prevents you from accessing your data

IT Audit Planning
Annual Planning – Suggested Focus Areas

(2) Business Continuity
• Disaster recovery (CEM)
• Segregation of critical teams (in case of quarantines)
• Reviewing digital capabilities from transactions to customer interactions
• Re-visit BIA and “worst case scenarios”
• Media Management Plans

(3) Review IT processes that are NOT governed by IT

(4) Review existing policies, guidelines

IT Audit Planning
Engagement Planning

Suggested Areas of Focus:

• Feasibility of Remote Auditing
• Electronic documentation availability (+ capability to scan paper documents)
• Remote walkthroughs (‘talk-throughs’), progress updates and report of emerging findings
• Availability of new technologies to deliver work, such as Microsoft Teams, Zoom, or Skype for virtual meetings/workshops (Consider recording such interactions to enhance IA evidence)
• Deployment of analytics to increase coverage, and focus on outliers
• Control override (employees seeking workarounds to existing controls in time of uncertainty)
• Increasing risks of fraud

Useful IT Audit Resources
What’s Next

• Auditors
  • Assess your skills fit (vs the Future)
• Audit Leaders
  • Invest in RPA and AI
  • Recruit and empower “digital-savvy” employees
• Governments / Organisations
  • Prepare for dramatic shifts in work and workforce distribution patterns
  • Embrace Technologies, and Digital Transformation
  • Focus on UI / UX

No one knows what the digital future will be ….

THANK YOU!
