1. Home
  2. Lainnya

Benefits of internal IT auditing

Benefits of internal IT auditing

In contrast to the compliance focus of many types of external audits, internal audits are driven in large part by an organization’s desire to find operational weaknesses, discover any deviations from established policies or standards, assess effective- ness, and identify opportunities to improve operational processes and capabilities where possible. As emphasized in Chapter 2, IT audits differ from other types of assessments or analyses in that an audit compares what the organization does to an explicitly defined set of criteria, whether those criteria represent internal policies and procedures, externally defined standards or certification requirements, or legis- lated rules and regulations. Beyond mandatory internal audit requirements applica- ble to many publicly traded companies, the rationale for establishing and operating internal IT audit capabilities commonly includes objectives such as:

supporting corporate IT governance, risk management, and compliance programs;

verifying adherence to organizationally defined policies, procedures, and standards;

satisfying requirements to achieve or maintain process maturity, quality management, or internal control certification;

adding formality to or increasing the rigor of self-assessment processes and activities; and

preparing for or “shadowing” anticipated external audits. Although internal IT auditing often requires a substantial investment of

resources, in many organizations the potential benefits to be realized from conduct- ing effective, well managed IT audits justify the resource commitment. Establishing an internal audit program is required for some organizations, in which case the desire to comply with legal or regulatory requirements may provide sufficient moti- vation. Where internal IT auditing is discretionary rather than mandatory, organi- zations are more likely to realize the potential benefits from audit activities if they have committed to enterprise management functions such as IT governance or risk management, both of which make use of IT auditing and audit results to inform the selection and operation of internal controls. Maintaining an effective internal audit- ing program also helps organizations demonstrate adherence to the principle of due care by showing that they are acting in a competent and diligent manner with respect to operating and maintaining their internal controls. Providing evidence of due care offers information of potential importance to investors and business partners and may also offer legal protection in disputes over liability or business practices.

Compared to external auditing, organizations have more flexibility to structure their internal IT audit programs to suit the needs of the organization. In IT auditing contexts where both internal and external audits apply, some organizations may pre- fer to forego internal auditing and instead rely on the work of external auditors to provide information about their IT operations, controls, or compliance. Even where both types of auditing address the same subject matter, there are several potential

Internal Audit Challenges

advantages to using internal audits, in combination with or (where feasible) instead of external audits. These advantages include the ability to leverage auditors and other personnel who are familiar with the organization, its mission and business objectives, and its operations. External auditors—even those who conduct audits of an organization on a repeated basis—rarely develop an understanding of the organi- zation’s processes and controls that can match the knowledge and organization- specific experience of internal auditors. Another beneficial aspect is that internal auditing allows organizations to review audit results (positive or negative) and plan necessary responses without the outside scrutiny or publicity that might accompany external audits. Similarly, performing an internal IT audit to help prepare for an anticipated external audit often gives organizations the opportunity to implement corrective action to remedy weaknesses or deficiencies that would presumably have been identified by external auditors.

Dokumen yang terkait

Food and Nutritional Toxicology

0 1 308

POTENSI EKSTRAK DAUN PINUS (Pinus merkusii Jungh. et de Vriese) SEBAGAI BIOHERBISIDA PENGHAMBAT PERKECAMBAHAN Echinochloa colonum L. DAN Amaranthus viridis. ( Potencies of Pine leaf Extract (Pinus merkusii Jungh. et de Vriese) as Bioherbicides for Geminat

0 0 9

Chapter 4 The Study of Chemical Reactions

0 0 44

TUGAS 9 MATA KULIAH PENGEMBANGAN MEDIA PEMBELAJARAN FISIKA BERBASIS IT “CARA PENYUSUNAN INSTRUMEN EVALUASI MEDIA DAN CONTOH ANGKET MEDIA PEMBELAJARAN” OLEH VEFRA YULIANI (14175036) KELAS A DOSEN PEMBIMBING: PROF. DR. FESTIYED, MS DR. USMELDI, M.PD PENDIDI

0 0 14

TUGAS 3 MATA KULIAH PENGEMBANGAN MEDIA PEMBELAJARAN FISIKA BERBASIS IT “TEORI PEMBUATAN MEDIA PRESENTASI YANG KREATIF, EFEKTIF, EFISIEN, MENARIK SERTA INTERAKTIF UNTUK PEMBELAJARAN” OLEH KELOMPOK 5 VEFRA YULIANI (14175036) DOSEN PEMBIMBING: PROF. DR. FEST

0 1 25

TUGAS 2 MATA KULIAH PENGEMBANGAN MEDIA PEMBELAJARAN FISIKA BERBASIS ICT “PERKEMBANGAN PEMBELAJARAN BERBASIS IT TERKINI” OLEH KELOMPOK 4 VEFRA YULIANI (14175036) DOSEN PEMBIMBING: Prof. Dr. Festiyed, MS Dr. Usmeldi, M.Pd PENDIDIKAN FISIKA PROGRAM PASCA SAR

0 0 26

PUSAT PENELITIAN OSEANOGRAFI LIPI CORAL REEF REHABILITATION AND MANAGEMENT PROGRAM (COREMAP) Phase II Coral Reef Information and Training Centers (CRITC)

0 0 79

OPTIMALISASI JUMLAH PEMBERIAN KONSENTRAT PADA PROGRAM PENGGEMUKAN SAPI PERANAKAN ONGOLE (PO) The optimum amounts of concentrate applied on the feedlot program of the male Ongole Cattle (MOC) Hybrid

0 0 7

LOGICAL Type and Variables

0 0 48

The elements and principles of graphic design used in desktop publishing

0 0 65