What Tech Issues Internal Audit Watches -- and Where It Falls Short
IT is gaining a greater focus among auditors on cloud and social-media issues, a new study shows. But to do a better job, audit needs to draw more on tech itself.
Internal auditors are scrutinizing social media applications and cloud-based computing as they examine the costs and benefits of technology at companies, a new report says. And they consider these the two top business priorities requiring auditing skills.
In its “Internal Audit Capabilities and Needs Survey” for 2012, Robert Half International consulting firm Protiviti draws such conclusions from a survey of more than 800 audit professionals globally.
The consultancy notes that this tech emphasis is a change from a year ago, when international financial reporting standards the Global Technology Audit Guide for fraud prevention dominated survey participants’ interest.
'New Enterprise-Wide Risks'
“Unlike some other areas of technology, social media and cloud-based applications are often used across an entire organization and that creates new enterprise-wide risks,” says Protiviti executive vice president Brian Christensen. “As usage continues to grow, the internal audit function – in partnership with executive management – is being challenged to identify, assess, monitor and mitigate these new and emerging risks appropriately.”
Despite their acknowledgement of its importance, many internal auditors in the survey say their “technology IQ” needs serious improvement, “both in understanding new technologies and employing technology-enabled auditing processes.”
In technology issues, according to Christensen, “Not only must internal auditors enhance their knowledge and understanding of new technologies and how they support the business, but they also must leverage these technologies to perform their jobs more effectively. Technological advancements in virtually every organization are creating new challenges and opportunities for internal audit professionals.”
More Use of IT in the Audit
The survey, conducted through the fall of 2011, also showed:
A need for improving “technology-enabled audit,” since one in three organizations “does not utilize software applications to administrate its audit processes.” And indeed, among those that do, 27% use basic spreadsheets or word processing mainly. “Of those that do not, just one in four plan to implement such a tool within the next 12 months.”
Respondents rank “IT asset management” as a top area for improvement. “There’s significant cost associated with IT assets,” Christensen notes. “Even a relatively small percentage of ‘loss’ in terms of hardware or data could result in significant financial losses and, in the event of a security or data breach, potentially devastating effects in terms of regulatory noncompliance and reputation loss.”
Protiviti finds a “surprisingly large” ratio of organizations – six out of 10 – “do not leverage data analysis or technology-enabled audits to prevent fraud.” But more than half “use these processes to detect, monitor and investigate fraud.”