Everybody's business

Internal Auditor, August, 2008 by David Salierno

VIRTUALLY EVERY TYPE OF AUDIT IS AFFECTED BY TECHNOLOGY, regardless of whether client operations are considered tech-specific. Technology is so integral to most business operations, in fact, that it's nearly impossible to name a process or activity that doesn't require some degree of IT. To some extent, then, IT is every auditor's business, and not just the domain of technology audit specialists.

One technology challenge facing many auditors is determining what areas of IT are most important. To that end, "Top Tech Priorities" on page 38 presents several internal auditors' thoughts on current IT priorities, referencing a technology initiatives survey conducted by the American Institute of Certified Public Accountants. Among the top areas of concern cited are information security management, IT governance, and business continuity management. While opinions differ on the exact order of some priorities, there is considerable agreement on which items overall merit inclusion in the "top IO."

Of course, to tackle technology challenges adequately, auditors must ensure they have the appropriate skills for the job. According to The IIA's recent Common Body of Knowledge survey, for example, use of computer-assisted audit techniques is expected to nearly double over the next three years, making this an important skill area for practitioners to consider. In addition to audit-specific tools, however, auditors need to understand the technology used by the clients they serve. In fact, this is perhaps a more significant concern, given the number of systems, applications, and devices maintained across the organization. "IT Skills for Internal Auditors" on page 44 explores this challenge and discusses other specific IT competencies audit generalists should possess.

Beyond addressing current demands, auditors must be prepared to support the technology issues that, while not yet impacting their work, will soon require audit attention. Extensible business reporting language (XBRL) may constitute one such area, particularly for U.S. auditors. As author Liz Fisher reports in "The XBRL Engine Builds Speed" (page 50), U.S. adoption of XBRL has been slow compared to other countries. A recent Compliance Week survey, in fact, suggests that many U.S.-listed companies are barely aware of the reporting standard, despite proposed rules from the U.S. Securities and Exchange Commission that would require them to use it. Fisher's article examines this emerging issue and discusses what the requirement could mean for audit practitioners and their organizations.

Lastly, to help further navigate the ever-changing world of IT, we welcome Steve Mar as the new editor of our "Tech Forum" department. Steve is an IT audit, security, and controls consultant with Resources Global Professionals in Seattle and has more than 25 years' experience in IT auditing. We're excited to have Steve on board as a regular contributor and look forward to sharing his expertise with you in each issue.