No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Featured

Transforming IT Audit in the Digital Era

by Andrew Struthers-Kennedy
June 6, 2018
in Featured, Internal Audit
Transforming IT Audit in the Digital Era

Robotic Process Automation and Other Key Advances

A number of technological advances are emerging that, when implemented by IT audit, will upend the traditional approach to IT auditing. Among the advances: robotic process automation, advanced analytics, and process mining. Protiviti’s Andrew Struthers-Kennedy and Ashley Cuevas explore several changes coming to the IT audit function, and how each will increase the department’s business value.

with co-author Ashley Cuevas

Organizations everywhere are progressing on their digital journeys at a healthy clip. They’re evaluating and adopting new technologies quickly and compressing the time it takes for a project to go from concept to implementation. In this fast-paced, technology-driven climate, IT auditors and IT audit functions must also evolve and transform, with no time to waste.

IT auditors need to be more agile, dynamic and progressive in the ways they assess potential risks in IT initiatives and the overall IT environment. And they can start by stepping up their engagement and alignment with IT and business stakeholders across the organization.

Collaboration and Partnerships Are Key

For IT audit leaders, the focus should be on building strong relationships with other leaders and subject matter experts who can provide valuable top-down direction. IT audit’s success also hinges on its reputation in the organization. IT auditors must be able to add value through their work on IT projects and activities. Their work cannot be focused solely on controls and compliance. Rather, they need to build reputations as capable risk advisers who help ensure that guardrails are in place so that technology projects are managed in a risk-savvy manner without unduly impeding progress and innovation.

What should this involve? Effective partnering and collaboration with central IT, compliance teams and line-of-business stakeholders are required, along with key stakeholders in functional areas such as finance, human resources, legal and sales and marketing. IT auditors have to understand not only the technology usage across the organization, but also the alignment between systems and technologies with business objectives of their stakeholders.

Early Is Better

What’s more, IT auditors need to become involved with projects early, more often and in a more integrated fashion. In today’s fast-paced environment of digital transformation, the traditional retrospective approach to IT auditing is no longer effective. The IT audit should span the entire technology project lifecycle, beginning with project concept and business case development and extending into the planning and design phases, through development and testing and throughout the implementation and post-implementation phases.

IT audit functions that are involved early and throughout the technology implementation lifecycle increase the likelihood that project risks will be identified, escalated, evaluated and acted on in as close to real time as possible.

The audit plan, too, should evolve from an annual plan to a real-time plan so that IT audits are implemented where and when they’re needed.

Finally, with today’s growing business challenges and the rapid speed of technology changes, stakeholders expect IT auditors to deliver real-time risk advice along with strategic insights. To this end, IT auditors need to operate in a continuous learning mode, actively monitoring the market and technology trends, new vendors and new solutions. Armed with this insight, they can effectively help organizations understand and manage existing and potential future risks and can knowledgeably evaluate technologies as they’re introduced into the business.

The most successful IT auditors are those who can strike this balance between providing risk assurance and imparting strategic advice that helps move the business forward.

A Look at Robotic Process Automation

Robotic process automation (RPA) is one of many emerging technologies rapidly gaining traction among enterprises. RPA presents both opportunities and risks for IT auditors.

RPA automates simple processes by following defined steps, particularly routine back-office tasks that require no (or significantly reduced) human intervention. Say, for example, a company implements RPA in its system access and provisioning processes for new employees. Traditionally, the request, review, approval and access provisioning require quite a bit of time and resources, as well as interactions with multiple systems, while at the same time introducing the risk of manual error. Automating portions of these activities shortens the provisioning time and reduces the risk of human error significantly. New employees get access to the system they need faster and can start being fully productive sooner.

Naturally, IT auditors need to be knowledgeable about RPA to provide the business with effective advisory and assurance input. This knowledge also fuels more informed decision-making and agile course-correcting when businesses need change.

Among other things, IT audit must evaluate whether each application of RPA is operating as intended. This is accomplished by looking at a variety of risk and control points, such as governance, performance, security, identity management, integrity and change management, among others. Ideally, the IT auditors would have been involved in the RPA project pre-implementation and would have helped integrate governance, risk and controls into the RPA process. At a minimum, IT audit should actively pursue opportunities to review previously implemented RPA use cases for appropriateness.

RPA also can help make IT audit activities more efficient and comprehensive. Auditors can use automation such as RPA to streamline and address gaps in processes and controls. Automating routine activities, such as data gathering, criteria evaluation and reconciliations, frees up IT auditors to focus more of their time and effort on anomalies and high-risk areas.

Analytics and Process Mining

Although they’re not new fields, data analytics and data mining have received greater attention of late with the focus on digital transformation. Process mining, a new breed of analytics solutions, is emerging and offers the potential of game-changing improvements in efficiency and insight. As with RPA, more organizations are exploring and applying advanced analytics such as machine learning, deep learning and natural language processing to their business operations.

Advanced analytics enable IT auditors to increase their risk coverage across a myriad of data. They can identify trends and predict areas of higher risk. Analytics help IT auditors implement governance that helps enforce accountability, demonstrate value and measure progress.

Similarly, using data output such as system event and transaction logs, process mining provides a deeper view into how a process is working. Such capabilities allow auditors to significantly streamline activities such as walkthrough, focus their attention on the areas of highest risk (e.g., non-routine methods of transaction processing) and get to the point of close-to-continuous monitoring of high-risk areas of the business. This allows IT auditors to help answer questions about what’s happening now and what might happen next, rather than to be able to report only what has already happened.

Closing Thoughts

Advanced analytics, process mining, RPA and other technologies are giving IT auditors the tools and knowledge they need to turn the traditional rearview approach to IT auditing on its head. In the digital era, IT auditors need to be proactive and embrace new levels of engagement and expertise that will help them add even greater value to the business.

References:

“Business and Digital Transformation’s Effects on IT Audit Groups,” ISACA and Protiviti: https://blog.protiviti.com/2018/04/05/business-digital-transformations-effects-audit-groups-new-research-isaca-protiviti.

“Transforming the IT Audit Function—Taking the Digital Journey,” ISACA Journal, Volume 1, 2016, https://www.isaca.org/Journal/archives/2016/Volume-1/Pages/transforming-the-it-audit-function.aspx.

 

Ashley Cuevas is a Director in Protiviti’s IT Consulting practice and based in the Houston office. She has a BBA in Information Systems and Decision Sciences with a concentration in Internal Audit from Louisiana State University.

Over the past 10 years, Ashley has worked with a variety of clients, mainly in the energy industry, performing various risk and business consulting projects, as well as IT internal audits. She has provided client services related to ERP implementation risk, configurable controls identification, segregation of duties, sensitive access, application security design, and security and change management process improvement. Additionally, she has led numerous SOX engagements.


Tags: Data AnalyticsMachine Learning
Previous Post

The Right Data Strategy for Staying Ahead of Evolving Compliance Requirements

Next Post

TRACE Podcast: Problems with Campaign Finance

Andrew Struthers-Kennedy

Andrew Struthers-Kennedy

Andrew Struthers-Kennedy is a Managing Director leading Protiviti’s global IT Audit practice. Based in the metro Washington D.C. area, Andrew works with clients to help drive efficiency, effectiveness and enhanced risk mitigation in their IT and business operations. Andrew works with clients across a cross section of industries to deliver outsourced and co-sourced internal audit services, as well as technology and risk management consulting services. Andrew is actively working with a number of organizations to establish the platform for delivery of next-generation internal audit services through the use of analytics, automation and other emerging tools.

Related Posts

abstract obscured data colorful

NIST’s Differential Privacy Guidelines: 6 Critical Areas for Secure Implementation

by Michelle Drolet
June 16, 2025

Standard de-identification methods remain vulnerable to sophisticated attacks, but differential privacy offers mathematical guarantees that scale with emerging threats

check engine light

What Gets Measured Gets Managed, but What Actually Matters in Compliance?

by Keshonda Walker
May 16, 2025

Looking beyond standard measurements to identify the quiet signals that help compliance teams address issues before they become crises

hidden value abstract

CCO Insights: How to Articulate the True Value of Your Compliance Program

by Kenneth Koch and Phillip Ostwalt
May 14, 2025

Benefits of robust programs aren’t always obvious, but buy-in remains critical

containerization concept

Are Your AI Containers Leaking Data? The CISO’s Guide to ML Endpoint Security

by Rahul Bagai
May 2, 2025

How to meet your obligations in the cloud's shared-responsibility model while preventing AI-specific attack vectors

Next Post
TRACE Podcast: Problems with Campaign Finance

TRACE Podcast: Problems with Campaign Finance

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights