IT Upskill
#Internalauditors can help with strategic decision making. Especially with emerging technologies, it helps to have a deeper understanding of #IT infrastructure, whether the decision is to opt for Software as a Service (SaaS) or a more combined version of Infrastructure as a Service (IaaS).
There are also options for IT frameworks. The IIA developed an internal control framework for e-business, eSAC, whose IT business assurance objectives fall into five categories:
1. Availability
2. Capability
3. Functionality
4. Protectability
5. Accountability
Then there are the more commonly known frameworks such as COSO and COBIT. Frameworks such as these are generally adopted by larger organisations for greater assurance on their IT processes, because they have a higher risk of being exposed to cyber-attacks and feel the need to mitigate fraud risks or simply to maintain stakeholder satisfaction.
With such destructive economies, however, it has become imperative that all firms are aware of #safeguarding their data. This means maintaining confidentiality by defining role-based access to information, preserving data integrity to protect it from any changes or corruption, and ensuring data availability and compliance with relevant laws and regulations.
Data analytics is not just a buzzword; it is a vital analysis process.
1. Descriptive analysis – what is happening?
This is perhaps the easiest way for firms to identify exceptions, duplicates and gaps, and to provide a way forward.
2. Diagnostic analysis – why is it happening?
Here firms can take the help of internal auditors to bring a fresh perspective.
3. Predictive analysis
This is future-oriented and addresses what will happen.
4. Prescriptive analysis
This goes a notch higher to understand what should be done. This again applies to bigger firms that build test scenarios using mathematical numbers, data, business rules, etc.
Terminology is something we have all grasped well by now with regard to viruses, worms, ransomware, trojan horses, phishing, and identity theft, but it is important to align these risks with the Firm’s #riskappetite. Regular training sessions need to be conducted to create further awareness of these cybersecurity risks and threats, which then enhances the overall effectiveness of the Firm. Some basic controls which we advise for all our clients are:
1. Continuous updates and patches to operating systems.
2. Running systems with administrative privileges.
3. Antivirus software. It scans both incoming and outgoing data.
4. User identification and authentication, and use of screensaver
5. Privacy Policy including device tampering and mobile device management
There is a shift from application controls to IT general controls to accommodate tactical goals and the use of #technology as an enabler for marketplace differentiation. The roles and responsibilities for the leadership team, management, IT team and internal auditors need to be assigned.