Forum offered guidance on navigating evolving IT audit landscape
New Orleans, LA (May 3, 2016)—Leading authorities on IT audit offered solutions to several of the industry’s most critical challenges at Monday’s IT Audit Director Forum. The forum was part of global IT association ISACA’s North America CACS Conference, which concludes Wednesday in New Orleans.
The wide-ranging, discussion-intensive forum explored many of the toughest and most timely challenges encountered by IT auditors. Three key lessons emerged from the forum:
1. Optimize opportunities associated with big data. Efficiently harnessing the potential of big data can be problematic. The diversity of data, determining the data’s lineage and a lack of strategy from business leaders for how to optimize the data are among the potentially complicating factors.
However, the wealth of data available to IT auditors can help them deliver tremendous value.
Michael Juergens, CISA, CGEIT, CRISC, Principal at Deloitte & Touche LLP, said IT auditors should not “take their foot off the gas” when it comes to making use of the data available to them.
“One recurring theme we see is where an internal audit function does something with analytics or data and then ‘checks the box,’ saying they are using analytics or big data,” Juergens said. “This topic is extremely broad, so it is important to consider multiple aspects of big data and analytics, from data life cycle management and defensible destruction to data loss prevention, storage requirements, data governance and tool selection.”
2. Continuous risk assessments are essential. David J. Brand, Managing Director with Protiviti, said the evolving IT landscape requires more vigilance than in the past.
“An annual risk assessment is no longer acceptable,” Brand said. “If you have one report for the audit committee that is used for the rest of the year, that probably isn’t getting it done. Maybe you have an annual report for the audit committee, but you have to have the ability to react more quickly and make real-time adjustments rather than refresh on an annual basis.”
Brand said that organizations need to be especially mindful of internal vulnerabilities, which he said tend to be underestimated and underfunded in IT budgets.
3. Audit professionals play a critical role in assessing cyber risks—and need to make that clear. Tony Noble, CISA, VP of IT Audit at Viacom Inc., said a perception exists that a lack of expertise among IT auditors limits their ability to detect cyber risk. He said the problem usually is a lack of dialogue rather than a shortage of knowledge.
“If internal audit’s opinion on how the organization is addressing cyber risks is not valued, it will be difficult for them to convince management that they are adding positive value to the organization,” Noble said.
Noble said auditors should make use of established frameworks such as COBIT 5 and educational opportunities involving emerging technologies to ensure their skills keep pace.
Other speakers and topics at the forum included:
- Robert Kress, Protiviti (global look at IT audit best practices)
- Phil Lageschulte, KPMG (strategies for providing assurance over transition to cloud)
- Michael Smith and Khalid Wasti, PricewaterhouseCoopers (hiring and retaining the best talent)
A white paper featuring additional insights from the IT Audit Forum will be available soon. For additional audit and assurance resources, visit ISACA’s Knowledge Center. To live stream the closing keynote at North America CACS on Wednesday, visit www.isaca.org/NA-CACS2016.
ISACA (www.isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.
LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial