Traditional lines separating business audits and IT audits are disappearing. Today’s enterprises rely on cloud-based platforms, digital workflows and automated systems to drive everything from HR onboarding to financial reporting, sometimes with minimal human intervention. Mary Carmichael’s recent ISACA Journal article explores how this shift is reshaping audit practice and why a new mindset is essential for auditors striving to provide meaningful assurance.
With technology-enabled systems increasingly responsible for delivering key outcomes, risk has migrated from manual processes and individual transactions to system design, configuration, integration and control logic.
Auditors can no longer afford to treat technology as a separate domain and must evolve with the digital workplace. Risks extend beyond data breaches and cyber threats, and are now embedded in automated decision-making, third-party dependencies and governance gaps created by rapid digital change. Auditors need to move beyond reviewing outcomes alone and scrutinize how those outcomes are produced by the underlying technology.
New approaches, like full-population analytics, continuous monitoring and AI-assisted workflows, are replacing sampling and periodic review. The latest update to ISACA’s IT Audit Framework (ITAF, 5th Edition) helps audit professionals align practices with the digital operating environment, encouraging integration, ongoing risk assessments and recognition of technology’s role in enabling business objectives.
The audit profession’s ongoing challenge is to align the scope and timing of assurance with these new digital realities. Audit practitioners must ask themselves questions like, “Where is the outcome generated: through human decision-making or system logic?” and “What assumptions about system behavior, data quality or automated decisions have not been tested?”
ISACA members can read Mary Carmichael’s full ISACA Journal, vol. 3, article on this topic here.