ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > Shifting Technology Landscape Positions Auditors for Greater Impact

Shifting Technology Landscape Positions Auditors for Greater Impact

Brennan P. Baybeck, CISA, CISM, CRISC, CISSP, Vice Chair of ISACA board and Vice President of Global IT Risk Management for Oracle Corporation (USA) 
| Posted at 7:52 AM by ISACA News | Category: Audit-Assurance | Permalink | Email this Post | Comments (3)

Brennan P. BaybeckEnterprises are exploring opportunities driven by digital transformation, identifying technology-driven paths to deliver more value, more quickly, while also benefiting from new process efficiencies. IT auditors must do the same to ensure they remain valued partners by the organizations for which they work.

As enterprises increasingly harness technologies such as artificial intelligence and data analytics – and deploy methodologies such as Agile and DevOps – the IT audit teams of the future would be well-served to mirror this approach if they wish to thrive amid the business technology landscape of the future.

Traditional auditing methods need to be revisited to more directly align with how businesses are operating, so audit teams are living what they are auditing instead of operating in parallel universes from their business partners. If auditors are going to audit areas like DevOps or Agile, it stands to reason that they should have direct familiarity with those methodologies. Not only would that background allow auditors to deliver deeper, more meaningful audits by better understanding the practitioner view, but auditors also would realize many of the same business benefits that motivated their colleagues to adopt the methodologies in the first place. For example, one of the main benefits the business is realizing is faster development of key capabilities. Auditors could realize that same benefit of quicker development and release in areas that have long been challenges in the audit field, such as faster development of audit programs and reporting, and more comprehensive, automated audit testing procedures.

While IT auditors have a proud, longstanding tradition of making strong contributions to their organizations, auditors are seldom known for being on the leading edge of pursuing new technical capabilities or finding innovative approaches to performing their work. That will need to change, at least to some extent, if IT auditors are going to remain indispensable in a future in which automation, artificial intelligence and other emerging tech trends will dictate changing roles for auditors and, in some cases, potentially put auditors’ roles in jeopardy.

New ISACA research on the future of IT audit highlights several compelling data points that provide perspective on how auditors and their organizations need to prepare for the changing nature of the IT audit profession. Among the notable data points:

  • Two-thirds of survey respondents (67 percent) observe difficulty recruiting auditors with the required technical skills
  • Nearly half (47 percent) expect that IT auditors will be significantly more involved in major tech projects in the next 3-5 years
  • An overwhelming majority (92 percent) express optimism when considering how technology will impact them professionally over the next five years

Organizations might not always be able to find the auditors with the technical skills they’re seeking immediately, which makes it even more important that they prioritize investing in education and skills-building capabilities as part of an ongoing strategy. That strategy needs to not only account for the conceptual, but also focus on the specific technologies and methodologies their audit teams need to understand. Given the rise of cybersecurity as a business imperative across all industries, auditors would be especially wise to pursue additional auditing cyber knowledge for how to better assess data protection and controls around key business processes. There is much work to do on the training front; the ISACA research shows that more respondents consider funding for training and professional development to be inadequate than those who say it is adequate. If organizations fail to remedy that in this evolving technology environment, their audit teams are likely to fall behind.

Traditionally, audit training has focused mostly on learning about emerging technology topics just prior to planning and performing an audit. While still important, this will not address the needs of the future. Similar to the IT business partners that auditors assess, the audit field should also focus on developing skills such as coding and testing, and areas such as AI and data analytics. These are skills and capabilities that audit teams will require in order to effectively perform their charter in the future. If the current auditor is not capable of adapting with these new skills, then the audit team will be required to find the person with those skills. This could be accomplished by seeking these capabilities from other talent pools, such as developers, co-sourcing or even complete outsourcing, which our research also has identified as trends.

Generally, respondents to the survey are right to be enthused about the future of IT audit. The coming years hold great promise for IT auditors, as an ever-expanding array of technology projects will benefit from auditors’ conscientiousness and unique ability to identify the process improvements and capability gaps that can make or break a project’s success. The more progressive audit teams, and the ones that will be best positioned to thrive in the future, are those that will proactively adopt the technologies and methodologies that their business partners are deploying, and those that commit to executing on a vision for continual training and education. Just as the digital transformation era is poised to enable organizations to better serve their customers and business partners, the same can hold true for the audit function.


Great advice

Well said excellent advice for IT auditors and auditors in general, a more proactive approach is essential and lacking in many groups. Michael
Michael P Cangemi CPA at 2/26/2019 8:05 AM

On the spot...

If developing IT audit capacity and capability is important, Why then this is not a priority to many organisations?

Michael, would you perhaps advice about the competency framework that will support this transition, as well as sharing an up to date IT Audit curriculum.

Kind regards
Jacob932 at 3/10/2019 9:25 PM

On the spot...

Brennan P. Baybeck, thank you for the insights.

Would you perhaps advice if there is a competency framework that is supporting the transition as well as sharing an up to date IT Audit curriculum if available.

Kind regards
Jacob932 at 3/11/2019 9:08 AM
You must be logged in and a member to post a comment to this blog.