Even though IT risks are on the Board’s agenda more than ever before, few Boards understand the full degree of their operational dependence on computer systems and the role that IT plays in shaping their firm’s strategies. It is therefore increasingly critical that Internal Audit (IA) focus their IT audit effort on the things that matter and communicate those issues in a way that the Board can understand them.
Our IT IA services can better enable your organisation and internal audit function, if applicable, navigate IT challenges, manage organisation - wide risks, and elevate the role of IA. Our IT IA services allow the stakeholders of your organisation to meet their responsibilities and accordingly address their concerns of the IT in your organisation.
Typical IT risks and potential impacts
IT Governance, IT Applications and IT Technical Controls are areas where typical IT risks arise and might have an adverse impact on your organisation. In particular, organisations are now more than ever depending on integrated systems. IT projects must ensure that there is a link between business and IT in order for the IT to deliver what business needs. New regulations may require the attention of your IT. The way organisations safeguard their information is coming under increased scrutiny. New and heightened threats, vulnerabilities, and greater uncertainty must be effectively managed.
Impact of failure
- IT risks are not identified, escalated and clearly communicated at Board level; history of failed projects.
- IT strategy not aligned with the business strategy.
- Regulatory sanction and reputation damage.
- Higher cost of compliance.
- Poor controls in key business systems can lead to poor quality management information, fraud and difficulties complying with regulation.
- Failed or delayed projects leading to increased cost.
- Benefits are not leveraged across the organisation.
- Critical business systems unavailable, financial loss through internal or external fraud, reputation damage, identity theft or regulatory sanction.
- Successful hacking attempts.
If you:
- Do not have an IT audit plan based on a framework that results in a complete, top down and risk-based scope of work.
- Are not confident that your Internal Audit department is able to identify IT risks and communicate findings in a way that these are understood and taken seriously by the Board.
- Do not have the skills and experience to deliver IT audit work across the business.
PwC can help you:
IT IA services help our clients extend their internal audit oversight and performance addressing IT risks as well as broader organization – wide business risks. We help connect IT and IA to gain a greater understanding of the risks and opportunities that come with today’s systems, applications and other technologies. Our talented practitioners possess the necessary business and technical skills that enable us to deliver assessments in the areas of IT Governance, IT Applications and IT Technical Controls.
