The Biggest Problems With Information Technology Audit, And How You Can Fix It

  • Home
  • zone
  • IT Audit
  • The Biggest Problems With Information Technology Audit, And How You Can Fix It
Problems with IT Audit

Problems with IT Audit

As technology and innovation maintains an upward thrust in our constantly evolving world of today, Information technology has rapidly become a very vital part of the growth of businesses at different scales and by extension the economy. The activities of Information technology is synonymous to that shiny Ferrarri f8 tributo that goes from 0 –100 km/h (062 mph) in 2.9 seconds…..Amazing right? But then crashes without a good brake system. Here’s where Information Technology Audit (called Information Systems Audit in some fora) thrives…applying the brakes when the speed is getting out of hand to maintain balance.

These two fields complement each other so well, but I’ll be dwelling on the latter in this work of art, bringing to the fore some of the challenges faced by the good folks in this field and possible ways to crush them.

After a series of surveys and extended research, studies have made it known that there are problems faced by Information Technology Auditors. Out of the problems stated, research was able to identify the major ones that keep IT, auditors, on their toes.

They are:

  1. Getting the right and in-demand skills
  2. Constant Change in strategies innovations and management
  3. Working hand-in-glove with the Technology team
  4. Scarcity of tools that support the trade
  5.  Cybersecurity and privacy

Let’s dive right in

  1. Getting the right and in-demand skills:  The need for specialists in the Information Technology Audit field can not be overlooked. Unfortunately, most of the individuals out there are more generalists than specialists. A fine understanding of the audit areas in scope is required to ensure the report of the audit exercise is value adding to anyone who is consuming the report (mostly auditees, management and board). Areas like cybersecurity audit, data analysis (GL Integrity and Revenue Assurance), cloud security audit, audit of RPA amongst others can only be handled by certified specialists which surprisingly is of high demand with a very limited supply.
  2. Constant Change in strategies innovations and management: Keeping up with constant innovation in the Information Technology world is a rather herculean task for IT auditors. Constant introduction and adoption of new tools, a new method of operations, as organizations are constantly looking towards business process efficiency and new strategies to deploy. One thing always evaluates true in the aforementioned situations, with change comes risks that need to be evaluated before they crystallize. These create constraints on the audit plan and possibly the resources needed to ensure that controls layered are effective.
  3. Working Hand-in-Glove with the Technology team. *Lol* Just like Thomas and Jeremiah are always at each other’s throats, but still have to live together, the exact same way the tech bros and the IT audit guys within the context of an organization function. Nobody likes stress (the tech bro) but I have to give assurance (IT audit guy). The go-between always put these two guys at loggerheads.
  4. Scarcity of tools that support the trade: In mainstream Information Technology audit, the proverbial fat lady never sings when complaints related to automation of some technical jobwise audits. This is particularly a challenge because priority sometimes isn’t placed on their activities as the function is perceived as not really adding to the cash flow of the business, which is the only visible way the “big boys” (management) perceive things, neglecting the fact that security-related incidents which could wipe off the so cherished cashflow can arise.
  5. Cybersecurity and privacy: Ironically, a major threat in the information assurance world is cybersecurity. The emergence of hackers and other online criminals with evolving TTPs have denied a lot of IT auditors their sleep. The race to create a super safe data structure is tasking.
  6. Check: Social Engineering: The persuasive art of deception

 How can these problems be fixed?

Since it is a known fact that technology will keep evolving and innovations will keep occurring. To find a fair middle ground, there is a need for:

  1. Constant growth in terms of skills, knowledge and expertise: IT auditors need to see reasons to grow to become specialists. IT companies should invest in their workers by giving room for more growth.
  2. Update in policies, processes and technology in such a way that will make them formidable to external threats and risks that come with constant transitioning to new strategies.
  3. Always seek to add value at any point of interaction with stakeholders and be seen as supporting their business.
  4. Having tools is always a challenge, but to a knowledgeable IT auditor, a script here, a script there will keep the “automation” song away.
  5.  IT companies should maximize their resources (human and money) in a way that they can effectively take on some challenges when they arise.

So, it’s a wrap. I’ve been able to establish that while these scary challenges exist, there are also quick ways out of the rabbit hole.

Be kind to drop your insights in the comment section where the real fun happens. See you there!!!

Downlaod this Article

[hubspot type=form portal=8577853 id=67aaad7a-b87a-4cfb-bf68-32b9d7b884d1]

Leave A Comment