Types of Technology Risks
Most companies are prone to various risks, which may be managerial or organizational. The risks that most organizations face today are related to technology. Technology is growing rapidly and companies cannot escape that growth, so most of them have to integrate technology into their business processes. Areas that auditors pay close attention to include cybersecurity, social media, data privacy and information security, among others. Audits are performed in these areas because they have the potential to cause setbacks for companies. Technology is growing quite fast, and companies that are unable to manage the risks they could encounter face more challenges in their daily business processes.
Audit methods help organizations manage the organizational and managerial risks related to technology. Auditors ensure that the company's financial statements are maintained. If auditors fail to identify fraud in a company, they may be deemed guilty. The fourteen accounting scandals in the cited report affected the companies, and some also affected the auditors who did not identify the frauds (OpinionFront, 2018).
Social media is an organizational risk that requires IT audit and control, and it is one of the threatening factors in most companies. A company's social media accounts are likely to be attacked by hackers who infiltrate them. Companies also tend to disclose financial information on platforms such as Twitter and Facebook, and many potential investors visit social media for reports and acquisition announcements. If hackers change the information disclosed to the public, the company may be at risk. Other risks related to social media include compliance risks, reputation risks, and cybersecurity and fraud.
Outsourced IT services are another risk that requires audit and control. Outsourced IT services tend to be of great help to companies but may also result in fraud. The auditors ensure that the company is compliant with the contract as agreed upon.
Data is a managerial risk that also requires IT audit. Every company deals with data, which includes financial information and other important information relating to the company. Most companies are exposed to the risk of a data breach. In the related audit activities, IT specialists conduct scans and penetration testing of the systems, and audit the network architecture used in the company to determine compliance with the network policy and procedures.
Audit Methodologies
Information security is another risk encountered by companies. Most companies have critical information that is not disclosed to every person. Companies must ensure that this information is secure by performing vulnerability scans and reviewing the access control process used.
Finally, there are emerging technologies. Auditors provide guidance on the risks a company may encounter when integrating emerging technology into the business, and provide control requirements when new technologies are evaluated before implementation.
The audits of the risks mentioned above are to be performed by IT specialists to ensure that companies are safe from those risks. Where a company has been affected, the auditors should identify the risk and inform the company's owners about the potential risks identified. In this way the company can manage the risks.
The audit methodologies include the IDKK IT Audit methodology and the project management methodology audit. The IDKK IT Audit methodology uses a top-down approach and is risk-oriented. It has several phases: planning, verification and testing, and reporting. The planning phase involves understanding the organizational structure and the operations of the organization. The auditor evaluates the regulatory environment and makes a preliminary risk assessment. The verification and testing phase covers the procedures and objectives of the control activities. The application controls should be effective and should ensure integrity, availability and confidentiality. The final phase is the reporting phase, which presents the conclusions from the methodology used.
The project management methodology audit involves assessing the design of the processes used to manage various projects. In this case it is not the projects that are assessed but the controls and processes.
Post-implementation auditing is done after the onsite work. It involves drafting a report, which the company being audited reviews for accuracy. The report is then distributed to senior management according to the company's requirements. After the report is done, an action plan informing of the risks is prepared. It is then the responsibility of the company's management team to decide what action to take based on the report.
IT controls can be classified into governance, management and technical controls. The governance classification of IT controls involves policies. Policies include the goals and objectives of an organization. An organization that has no clear goals and objectives is likely to become disoriented and perform poorly (Moeller, 2013). The management classification of IT controls involves standards, organization and management, and physical and environmental controls. The organization should have an IT blueprint that fits all the IT policies and standards. Following the right standards leads to efficiency in a business. Organization and management play a major role in the IT department of a business. They affect the IT controls in terms of segregation of duties, financial controls and change management. Finally, the technical classification involves system software controls, system development controls and application-based controls. The system elements should work effectively, efficiently and with integrity.
IT Controls Classifications
IT controls have a great impact on daily business operations by enhancing system effectiveness. They enhance information confidentiality, integrity and availability. Critical information in the system is kept confidential through controlled access to the system modules. IT controls also enhance information integrity: data in the system should be accurate and complete to enable reliable reporting. Finally, IT controls enhance information availability: the system should be able to recover from data loss and data corruption. Real-time data is also available.
The organization security controls include the development and setting of policies, standards and procedures by the management teams, for adoption in all departments within the organization. The standards set should meet national and international standards.
The authorization controls involve screening personnel and conducting security awareness training among the employees. They also involve the efficient implementation of evaluated changes to control procedures. For any risk that could be encountered, the authorization controls should evaluate the possible changes and implement them in the company.
The operation controls should ensure that all people comply with the set rules and regulations. The employees should work towards achieving the goals and objectives.
The file and network controls involve security in network configuration and infrastructure management, including installing antivirus software on the devices. They also include enforcing the use of strong passwords for authentication and using a monitoring system to detect intrusion into the system. The system should log out when it detects inactivity for a certain period. The data should be backed up at various intervals.
The requirements of an audit include a plan of the investigation, the evidence collected, a report and court proceedings. The IT audit is required to have a well-laid plan for carrying out the investigation. This involves identifying the fraud, understanding when the fraud happened and how it was hidden, and quantifying the loss or damage done as a result of the fraud. Collecting the evidence requires showing how the fraud was committed and identifying the loopholes that resulted in the fraud. The IT auditor should write a report to be presented to the client. The report should also include recommendations on how the company should prevent future frauds from occurring. Court proceedings then follow the IT audit; in them, the evidence identified is explained.
Corporate financial reporting is done quarterly or monthly to showcase the health of the company. Both IT audits and corporate financial reporting involve data. The IT audit involves auditing all the data in the company, whereas corporate financial reporting involves the financial data only.
Due to the high rate of emerging technologies, IT auditors have also become more aggressive when it comes to IT auditing. Security and privacy issues in particular are becoming a big threat to most organizations. Today most companies upload their data to the cloud, where they may not have full control of it. Data is a critical asset for every organization. Customers become more sensitive as they upload credit card information and other confidential information. The data tends to be exposed to untrusted environments. To avoid potential fraud, the organization and the audit firms should create strict policies that all employees adhere to. IT auditing and controls should ensure that confidential data is encrypted when stored in the cloud. The organization should install firewalls and antivirus software in the system and continuously monitor for intrusion.
Any decision made in the organization should be bound by the strict policies and standards set.
The professional responsibilities of an IT auditor involve issues of security, infrastructure and protocol. The IT auditor develops a plan to perform the audit test, identifies the critical risks in the IT systems and finds possible solutions to the risks identified. The IT auditor is also responsible for hardware and software upgrades in an organization. The IT auditor should maintain audit documentation that is clear and complete.
Apart from the professional responsibilities, the IT auditor has legal and ethical responsibilities. These include adhering to the policies and standards set by the company, coordinating the teams in the organization to get input for the audit process, and giving an audit report that is not biased toward any party in the organization.
References
OpinionFront. (2018). 14 Biggest Accounting Scandals of All Time That You Cannot Ignore. [online] Available at: https://opinionfront.com/biggest-accounting-scandals-of-all-time [Accessed 12 Sep. 2018].
Moeller, R. (2013). IT audit, control, and security. Hoboken, N.J.: Wiley.