IT Internal Audit Effectiveness

An IT Internal Audit department always has the risk of becoming mired in routine computer control functions, which don't change very much and are generally quite controllable anyway. Auditing conventional computer controls by rote can lead to a very ineffective IT audit function.

What is more important is to align the audits with the overall risk assessments of the enterprise. The IT audit function has a lot to offer in this area. It is an interactive process, with the auditors using the risk assessment as a guide and also providing input on areas where it can be improved.

Deloitte has published a series of CEO reports, one of which deals with the effectiveness of an IT Internal Audit (IT IA) function. The booklet provides numerous examples of risk areas that should be considered for inclusion in the audits, They include contract compliance, green IT, adaptability readiness, and readiness for upcoming regulatory changes. The guide also suggest strategies for using continuous monitoring techniques to improve the audits.

It is an excellent guide and is available on the Deloitte website for free download.