Skip to main content
close search
site logo

Internal Audit’s IT Blues

Published April 20, 2010
David McCann's headshot
Contributing Editor

As companies automate more business processes, they may risk leaving their internal auditors scrambling to catch up, at least according to a new survey that finds internal auditors are not confident in their ability to monitor the soundness of IT processes.

Protiviti, a risk-management and internal-audit consulting firm, asked more than 700 audit practitioners to rate their competency in 28 areas of general technical knowledge, and the areas directly related to IT dominated the list of those needing improvement.

The number-one technical deficiency identified was an understanding of The Guide to the Assessment of IT Risk, a publication of the Institute of Internal Auditors. Attention to the importance of technology risk has mushroomed since early 2009, when the IIA issued a new standard saying internal audit “must” assess whether a company’s IT-governance structures and processes enable the company to sustain and extend its strategies and objectives.

Indeed, in a separate question addressing eight key new or revised IIA standards, survey respondents ranked IT governance as presenting the steepest learning curve. IT governance has not been an area of focus for many internal audit departments, notes Bob Hirth, head of global internal audit for Protiviti. “Ignorance is bliss,” he says. “When you don’t have skills around something, you tend to ignore it.”

Second on the list of technical-knowledge shortfalls was International Financial Reporting Standards, which, while foremost an accounting issue, does present an assortment of technology-related challenges. The third-most-commonly cited deficiency was Extensible Business Reporting Language, or XBRL, the newly required data-tagging format for online financial statements. To date many companies have outsourced the tagging process, which means internal auditors haven’t gotten much direct exposure to it.

Still, Hirth says he’s surprised XBRL rated so highly on the need-to-improve meter. “We don’t have a service line around it, because we have concluded that most companies can do it on their own,” he says. This year will bring a new level of complexity to XBRL, with companies required for the first time to tag information in financial-statement footnotes.

Ranked fourth through sixth on the need-to-know-more list were ISO 27000 information-security standards, the COBIT framework of best practices for IT, and ISO 14000 standards for environmental-management systems. Among the 22 other areas survey respondents rated, only a couple were primarily related to IT.

 

Filed Under: Tax

Editors' pick

  • Calendar
    Image attribution tooltip
    Misha Shutkevych via Getty Images
    Image attribution tooltip
    Tracker

    CFO Annual Conferences and Events Tracker

    CFO’s annual conference and events calendar tracker ensures finance executives know about the most essential in-person events.

    By CFO Editorial Team • Updated Dec. 1, 2023

Company Announcements

View all | Post a press release
Wealth Inequality the Result of Pure Randomness, Tufts University Study Suggests
From Society for Industrial and Applied Mathematics
November 21, 2023

Want to share a company announcement with your peers?

Get started

Read next
  • Calendar
    Image attribution tooltip
    Misha Shutkevych via Getty Images
    Image attribution tooltip
    Tracker

    CFO Annual Conferences and Events Tracker

    CFO’s annual conference and events calendar tracker ensures finance executives know about the most essential in-person events.

    By CFO Editorial Team • Updated Dec. 1, 2023
Latest in Tax
image/svg+xml
Industry Dive is an Informa business
© 2023 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell