November 15, 2010

Using High Value IT Audits to Add Value and Evaluate Key Risks and Controls

An organization’s top executives, board of directors and audit committee members look to information technology (IT) management for effective oversight of IT risks. The controls in place to manage these risks are an essential part of the internal control environment and structure. These same executives look to internal audit to evaluate whether IT risks are appropriately understood, managed and controlled, and whether the activities of the IT organization support the vision and strategy of the business (a process known today as IT governance). This important check and balance, or creative tension, forms an integral part of today’s corporate governance process.

An emerging trend in the profession is to move away from rotational infrastructure and application audits toward a more risk-based solution focused on those audits that have the most impact, or “high value.” Typically, a number of IT audits are frequently selected by audit committees, chief audit executives and others in the organization for their annual plans, but some of these audits have been determined to be “high value IT audits” because they fall into one or both of the following categories:

Audits that address very critical and high-risk activities/functions where assurance of control operating effectiveness is paramount and non-negotiable (for example, continuity of critical applications)
Audits that have the potential for a high return on investment (ROI) coming from the implementation of logical/possible audit findings and recommendations (for example, review of leased IT equipment where there are some known issues and probable cost-reduction opportunities)

High value audits are designed to provide the audit committee and process owners with cutting-edge, relevant and pragmatic insights into the technology risks and related recommendations in the audit area. The high value audit delivers actionable findings that drive the improvement of the organization’s financial and business systems and operations. In many cases, automated tools are used for more effective and efficient auditing. In all cases, having the right technical skills is critical. Those skills may not, however, always be resident in an existing internal audit organization.

Download the entire article:

SIGN UP FOR A 30-DAY FREE TRIAL

We invite you to use the tools and resources within KnowledgeLeader for free for 30 days so you can discover for yourself how this service will improve your internal audit and risk management capabilities.

Your free trial will expire automatically. There is no obligation to purchase a subscription.

Audit Committee & Board

Business Continuity Management

Control Self Assessment

Corporate Governance

COSO

Enterprise Risk Management

Fraud & Ethics

IFRS

Internal Audit

IT Audit

IT Governance

Sarbanes-Oxley

All Topics

Work Programs

Audit Reports

Charters

Checklists & Questionnaires

Guides

Job Descriptions

Methodologies & Models

Policies & Procedures

Process Flows

Samples

All Tools

Using High Value IT Audits to Add Value and Evaluate Key Risks and Controls

SIGN UP FOR A 30-DAY FREE TRIAL

LEARN MORE

Prices and Ordering

KnowledgeLeader Value Proposition

KnowledgeLeader Content

About KLplus

Take a Tour

What Our Customers Say

KnowledgeLeader University Program

About Protiviti

	Access Agreement \| Privacy Policy	Join Our Community:
	© 2012 Protiviti Inc. EOE All Rights Reserved