Acquiring and managing the critical information necessary to make timely decisions in organizations today means employing best practices in information technology. BDO's Information Systems (IS) Assurance practice works with clients to identify the best technology for their needs and to help maximize its usage to achieve desired results.
Organizations are increasingly embracing more complex and sophisticated technology solutions in an effort to provide a wider suite of services, reach more customers and drive greater efficiencies. Internal audit functions must draw on expertise to ensure the right technology risks are identified and related controls assessed, including cyber security, a changing data privacy agenda, growing technology resilience dependencies, and challenges with the implementation of digitalization across the business. The risks associated with such solutions are significant, and if not addressed can result in severe impacts on operations with associated adverse reputational impacts, costs, and in some instances, regulator intervention.
In such circumstances, Boards and Audit Committees are often held to account and are challenged over whether appropriate and deep insights were obtained to help evaluate whether the technology risks (principally the risk to the ongoing confidentiality, integrity and availability of systems and data) are being effectively managed. Understanding these risks is critical to ensuring that the right countermeasures are in place and operating effectively. Internal Audit therefore has a fundamental role to play in reviewing and assuring the way in which an organization evaluates its technology risks and controls.
At BDO we have a dedicated IT Internal Audit team that is well versed in assessing traditional and emerging technology risks and that supports audit functions when undertaking annual IT audit planning (including the production of the IT audit plan itself). We have a formal IT risk evaluation methodology to ensure the assessment of risk is both consistent and comprehensive, drawing upon deeper skills within the team as required (for example, cyber security threat intelligence).