Evolving Role of IT Auditing in a New Paradigm

By: Ahmad Awad

Through the first decade of the 21^st century, we have witnessed great progress in technology and huge dependence on high-end information systems for handling the various aspects of the business. With this big shift, the threats of cyber-attacks and other information security risks have exponentially multiplied. According to Cybercrime Magazine statistics, USD 6 Trillion was estimated as the globally total damage of cyber security crimes in 2021, and it is expected to grow by 15% per annum reaching an anticipated value of USD 10.5 Trillion over the next five years. Furthermore, according to the “Cost of a Data Breach Report 2021”, lost business, defined as increased customer turnover, lost revenue because of system downtime, and the increased cost of trying to acquire new business due to damaged reputation represented the largest share of breached data costs at 38% of the overall average cost of a data breach incident. The consequences of data breaches have become so significant that it not only affects the financial well-being of the company but also affect the business operations and ultimately the company’s reputation.

The Digital Economy…

As more and more people come to terms with remote operations during the COVID19 pandemic, the digital presence of individuals and businesses grew massively. This included daily communications on social media platforms, official meetings via Zoom, Teams, and other virtual meeting platforms, to electronic payments that could be made via online banking and mobile applications. In addition, cloud computing, and storage enabled remote management of numerous tasks, and video streaming has become more prevalent. As a result, exposing the organization to further information security risks and threats is on the increase, and auditing a company’s IT systems for vulnerabilities has become a common demand by businesses. With an ever-growing number of regulatory compliance and industry standards to be adhered to, an additional onerous burden on an enterprise’s IT infrastructure is being created. Furthermore, organizations are spending billions of dollars on IT infrastructure and software, adding an extra burden to already constrained resources.

Auditing of Digital Transformation…

The massive developments taking place in all aspects of the IT economy are having a major impact on the role of the IT security specialist. Questions that are consistently on the minds of CEOs and should probably be on the minds of those conducting IT audits include; “What type of protection should one implement for the systems?”, “How can one protect the infrastructure, information, and brand against data fraud activities and cyber security attacks?”, “Are the business workflows designed and functioning properly?”. These are but a few of the questions that plague the minds of business owners implying that IT security is a common discussion point amongst Executives and probably the Board.

From the early days of electronic data processing (EDP) to modern cybersecurity, IT audits have come a long way. The landscape around information systems is evolving and the world of information systems audit should be shaped and prepared to respond to a digital future.

Given the significant changes to the IT environment, information systems audit teams need to be able to adapt to a new IT reality. Changes in business, technology, and sociopolitical environments have increased the need for a force to safeguard organizations in a new and ever-changing digital transformation era.

Conclusion…

The gap between the IT operations and security of the past and that of the current has grown tremendously and the time to develop a new strategy to adapt to these changing times is imminent. The way we manage IT risks and security in organizations has evolved and the time to bring Technology to the Boardroom and embrace a strategic technology orientation cannot wait. Business and technology strategies are rapidly converging. IT is no longer just an enabler of the business—it is the business. In a world where everything from automotive to banking relies upon technology, IT audit methodology needs to change. Furthermore, as companies embrace the digital economy, the role of an IT audit professional needs to evolve in response to the digital transformation of companies. Attempting to move back towards old models will only lead to defeat. What is needed is an open, collaborative approach that brings together everyone who is concerned with managing risk and security to build a stronger and more IT-secured enterprise.

Ahmad is an IT Consultant with years of experience in the fields of Information Security and IT Audit. His scope of work spans over auditing IT systems which include computers, networks, internet access, telephone lines, and other technology. He also has experience in developing and Implementing IT plans and providing training on the implementation of IT plans. Ahmad has also assisted various companies in establishing guidelines for evaluating IT systems and identifying areas for improvement.