TIAPS Module 1 Audit and Assurance workbook
C.3.2 Information Technology
IIA Internal Audit Competency Framework
Information Technology:
General Awareness: Describe the basic concepts of IT and data analytics. Describe the
various risks related to IT, information security, and data privacy. Recognize the purpose and
applications of IT control frameworks and basic IT controls.
Applied Knowledge: Apply data analytics and IT in auditing. Identify and assess various risks
related to IT, information security, and data privacy. Apply IT control frameworks.
Expert: Evaluate the use of data analytics and IT in auditing. Recommend actions to address
IT risks, information security, and data privacy. Evaluate the use of IT control frameworks. [63]
IT audit is no longer the exclusive preserve of specialists. Information technology is utilized
universally across departments and forms a part of most procedures. Hence, all internal
auditors need to be able to recognize IT risks and evaluate the effectiveness of controls.
IT creates many opportunities and threats for organizations. It is used as a tool to provide
services to clients and support routine operations including controls. IT usage includes:
• Routine storage, access, and manipulation of large amounts of data, presenting
potential issues for data privacy and protection.
• Wide usage and availability of mobile phones, tablets, laptops, memory sticks with
huge storage capacity, and other personal devices.
• Ready access to “big data” and the potential for continuous auditing.
• The increasing use of data analytics.
• Social media for personal and business use.
• Cloud computing for flexible storage and access.
• Blockchain.
• Artificial intelligence, machine learning, and virtual reality.
• Online receipts, payments, and banking.
IT tools and techniques are also available for internal auditors to assist with planning,
communication, testing, remote observation, analysis, and follow-up. (This is covered in
more detail in T2: Good Governance, Managerial Accountability, Developing Strategy, and
Data Analysis.)
IT creates key risk areas for organizations, including:
• Compliance risks (especially for data privacy and protection).
• Reputational damage and erosion of trust by citizens, service users, vendors, donor
organizations, and others.
• Financial penalties.
• Operational disruption.
• Skills gaps and shortages.
[63] Internal Audit Competency Framework, The IIA, 2022.