Organisations are increasingly embracing more complex and sophisticated technology solutions in an effort to provide a wider suite of services, reach more customers and drive greater efficiencies. Internal audit functions must draw on expertise to ensure the right technology risks are identified and related controls assessed, including:
· Changing data privacy agenda
· Growing technology resilience dependencies, and
· Challenges with implementation of digitalisation across the business.
The risks associated with such solutions are significant, and can result in severe impacts on operations if not addressed. Understanding these risks is critical in order to ensure that the right countermeasures are in place and operating effectively. Internal Audit has a fundamental role to play in reviewing and assuring the way in which a business evaluates its technology risks and controls.
At BDO we have a dedicated and experienced IT Internal Audit team who assess traditional and emerging technology risks and support audit functions when undertaking annual IT audits.
We have a formal IT risk evaluation methodology to ensure the assessment of risk is both consistent and comprehensive.
The methodology recognises six main areas of IT risk:
Behind each risk sit 32 sub-risks, each of which can be separately evaluated and used to benchmark an organisation’s maturity in the operation of mitigating controls.