IT Essentials for Internal Auditors
This guidance introduces the basic IT competencies and understanding needed by any internal auditor and more fully provides discussions and overviews of IT operations, strategies, and the underlying technologies themselves. It does not go into details on information technology controls or how to audit IT; these are covered in other IIA guidance. Rather, it covers essential IT-related activities and concepts that all internal auditors should know.
IPPF
Riservato ai sociIT Essentials for Internal Auditors
GTAG 20 - Understanding and Auditing Big Data
Executive Summary
Big data is a popular term used to describe the exponential growth and availability of data created by people, applications, and smart machines. The term is also used to describe large, complex data sets that are beyond the capabilities of traditional data processing applications. The proliferation of structured and unstructured data, combined with technical advances in storage, processing power, and analytic tools, has enabled big data to become a competitive advantage for leading organizations that use it to gain insights into business opportunities and drive business strategies. However, the challenges and risks associated with big data must also be considered.
IPPF
Riservato ai sociGTAG 20 - Understanding and Auditing Big Data
GTAG 19 - Assessing Cybersecurity Risk
Executive Summary
Organizations of all types are becoming more vulnerable to cyber threats due to their increasing reliance on computers, networks, programs and applications, social media, and data. Security breaches can negatively impact organizations and their customers, both financially and in terms of reputation. Global connectivity and accessibility to information by users outside the organization increase risk beyond what has been historically addressed by IT general and application controls. Organizations’ reliance on information systems and the development of new technologies render traditional evaluations of IT general and application controls insufficient to provide assurance over cybersecurity.
IPPF
Riservato ai sociGTAG 19 - Assessing Cybersecurity Risk
GTAG 18 - Auditing Smart Devices
Executive Summary
Smart devices, such as cell phones and tablets, offer truly mobile and convenient options for working remotely. Like any new or expanding technology, smart devices also introduce additional risks for organizations.
Internal auditing’s approach to assessing risks and controls related to smart devices is evolving as new technologies emerge and the variety of devices increases. To meet these challenges, internal auditors are tasked with:
- Understanding the organization’s smart device strategy.
- Evaluating the effect of smart device technology on the organization.
- Providing assurance over the smart device environment by:
- Identifying and assessing risks to the organization arising from the use of such devices.
- Determining the adequacy of applicable governance, risk management, and controls related to such devices.
- Reviewing the design and effectiveness of related controls.
IPPF
Riservato ai sociGTAG 18 - Auditing Smart Devices
IPPF
GTAG Auditing Mobile Computing
Evaluating Corporate Social Responsibility/Sustainable Development
Evaluating Corporate Social Responsibility/Sustainable Development (incontro CAE Program del 7 aprile 2011)
IPPF
Riservato ai sociEvaluating Corporate Social Responsibility/Sustainable Development
IPPF
Riservato ai sociCreating an Internal Audit Competency Process for the Public Sector
GTAG 17 - Auditing IT Governance
La presente GTAG fornisce agli Internal Auditor, del settore pubblico e privato, le conoscenze necessarie nel fornire i servizi, di Assurance e consulenza, per l'IT Governance.
IPPF
Riservato ai sociGTAG 17 - Auditing IT Governance
GTAG 16 - Data Analysis Technologies
The IIA has released a practice guide entitled “GTAG 16: Data Analysis Technologies.” This guide aims to help CAEs understand how to move beyond the tried and true methods of manual auditing toward improved data analysis using technology. After reading this guide, you will:
- Understand why data analysis is significant to your organization.
- Know how to provide assurance more efficiently with the use of data analysis technology.
- Be familiar with the challenges and risks that you will face when implementing data analysis technology within your department.
- Know how to incorporate data analysis at your organization through adequate planning and appropriate resource structures.
- Recognize opportunities, trends, and advantages of making use of data analysis technology.
To further assist CAEs and other individuals who use this guide, we also have included a detailed example of the application of data analytics to procurement control activities in Appendix A. Consistent with where most data analysis starts, these examples are largely focused on simple data matching and reperformance of automated system functionality used in providing assurance.
IPPF
Riservato ai sociGTAG 16 - Data Analysis Technologies
GTAG 15 - Information Security Governance
Information is a significant component of most organizations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing. Some of the more obvious results of IS failures include reputational damage, placing the organization at a competitive disadvantage, and contractual noncompliance. These impacts should not be underestimated.
This GTAG will provide a thought process to assist the CAE in incorporating an audit of information security governance (ISG) into the audit plan, focusing on whether the organization’s ISG activity delivers the correct behaviors, practices, and execution of IS.
GTAG 15: Information Security Governance will assist efforts to:
- Define ISG.
- Help internal auditors understand the right questions to ask and know what documentation is required.
- Describe the internal audit activity’s (IAA) role in ISG.
IPPF
Riservato ai sociGTAG 15 - Information Security Governance