THE IMPACT
OF ICT AND THE MINIMUM SKILLS REQUIRED IN
INFORMATION TECHNOLOGY (IT) FOR ACCOUNTANTS
AND INTERNAL AUDITORS
The Institute of internal Auditors Advanced
Technology Committee has identified 2 categories
of IT knowledge for Internal Auditors;
1. All auditors from new recruits
to Chief Audit Executive
“Basic” IT knowledge encompasses
understanding concepts such as difference
in software used in applications,operating
systems,database and networks. It includes
understanding basic IT Security and Control
components such as perimeter defences, intrusion
protection, and authentication and application
system controls.
2. Audit Supervisors
Must have basic knowledge, but must also
understand IT issues and elements sufficiently
to address them in audit planning, testing,
analysis, reporting, follow up and the assignment
of auditor skills to the elements of audit
projects. The Audit Supervisor essentially
must:
1) |
Understand
the threats and vulnerabilities
associated with automated
business processes. |
2)
|
Understand
business controls and
risk mitigation that is
provided by IT. |
3)
|
Plan and supervise Audit
tasks to address IT-related
vulnerabilities and providing
controls for business applications
and environments. |
4) |
Ensure the audit team
has sufficient competence,
including IT proficiency,
for audits. |
5) |
Ensure the know-how and
effective use of IT tools
in audit assessments and
testing. |
6) |
Approve plans and techniques
for testing of controls
and information. |
7) |
Analyse symptoms detected,and
relate them to causes that
may have their sources in
business or IT; planning,execution,operations,change
management,intrusion protection,authentication,or
other risk areas. |
8) |
Provide audit recommendations
based on business assurance
objectives appropriate to
the sources of problems
noted rather than reporting
on problems or errors detected. |
|
|
|