Taking an Integrated Approach to IT Audit
John Kelly 270004J7VQ firstname.lastname@example.org | | 0 Comments | 193 Visits
PwC surveyed the chief audit executives (CAEs) of Fortune 250 companies about trends likely to affect internal auditors over the next five years and what they expect internal audit to look like in 2012. Titled “Internal Audit 2012”, the study lists “ten imperatives” that provide the foundation for a high performance internal audit function in the years ahead including:
One of the key roadblocks to an integrated approach to IT audit is the sheer complexity of data gathering and management. In the past, it represented a tremendous amount of effort for internal audit to collect relevant information and to govern access to that information securely. A centralized technology platform for identifying, assessing and monitoring risk and controls presents a unique and unprecedented opportunity to help the business focus on making risk decisions based on management’s risk appetite and tolerances.
This common framework and process can make the business more predictable in meeting IT, financial and management objectives and can help managers anticipate major risk and control problems of the future. As a partner with IT and the business in managing risk, internal audit should be a driving factor in evaluating technological and process-based changes and evolving the organization’s risk management practices.