De-mystifying IT audit for business auditors – stop being afraid of the black box.
ACCA UK's Internal Audit Network held a series of seven webinars on de-mystifying IT audit for business auditors earlier this year. The series started in May and concluded in November with a webinar about the General Data Protection Regulation (GDPR). It featured three main presenters - Vincent Mulligan FCCA (IT Audit Consultant at Eisteoir Consulting Ltd), Mike Hughes CISA, SGEIT, CRISC and Steve Connors CISM, FIPA, FFA (both partners at Haines Watts).
Watch any of these webinars now by registering here.
Introductory session
As accountants and auditors, we recognise the importance of information technology (IT) for organisations and that the examination of the management controls over IT and the management of information is an essential part of a review of those organisations. In this introductory session, we will consider some of the ways we organise ourselves and the approaches we adopt to conduct these reviews.
IT General Controls
ITGC or General Computer Controls (GCC) relate to the environment that supports our IT applications and are therefore applicable to all applications. In this session, we will consider the nature of these ITGC, the challenges we face reviewing them and the approaches we can use to audit them.
Application audit review
Application controls are controls that we have implemented over our application systems to ensure they operate as intended and ensure the accuracy and completeness of the data, calculations and records. In this session, we will consider the types of these controls and the approaches we can use to audit them.
Infrastructure audit review
IT infrastructure consists of the hardware, software, network resources and IT management services that we leverage to deliver the IT environment that supports our organisations. As the complexity of our IT environment increases and our dependence on IT grows, providing assurance on the effectiveness of the controls over these assets and services is critical to management and other key stakeholders. In this session, we will consider how we can effectively review IT infrastructure and the organisations and processes we have put in place to manage it.
Integrating IT audit into the business audit
We use our information technology to support our business processes; it is therefore logical that we consider the key controls we have implemented to manage the financial, operational, organisational, IT and other key risks that impact on that business process or function. Integrated reviews, which leverage the skills and experience of multi-discipline teams, allow us to provide assurance across these key risks. In this session, we will consider how we can effectively organise and implement integrated audits.
How to audit cyber security
As our organisations take advantage of the opportunities of the internet and digital technologies and implement ever-greater connectivity with our customers, vendors and other stakeholders, our exposure to a wide range of cyber threats grows. The expectations of our key stakeholders, including our boards, management and regulators, for assurance over the effectiveness of the controls managing these risks are also growing. In this session, we will consider how we can deliver cyber security audits.
General Data Privacy Regulations
The EU General Data Privacy Regulations (GDPR) were adopted on 27 April 2016 and will become effective on 25 May 2018 after a two-year transition period. This will replace the current 1995 directive and will affect all organisations that process EU citizens' data. As the deadline for compliance approaches, we will consider how you can understand the impact of this regulation on your organisation and assess your organisation's compliance readiness.