Internal auditors racing to keep pace with technology

BY KEN TYSIAC

Internal auditors have a strong desire to know more about emerging technologies and improve the way they use technology to perform their duties, a new survey shows.

Mobile applications and social media are among the top areas of technical knowledge that internal auditors most need to improve, according to a global survey of more than 600 internal auditors by global consulting firm Protiviti.

And computer-assisted audit tools and data analysis tools top the list of audit process knowledge internal auditors crave the most.

“Internal audit professionals’ plates are more than full as they strive to protect their companies from exposure to risk while assessing new technologies and learning new regulatory requirements and professional standards,” Brian Christensen, CPA, Protiviti’s executive vice president for global internal audit, said in a news release.

Here are three survey trends that illustrate internal auditors’ race to keep pace with technological advancements:

Going mobile. Internal auditors rated mobile applications as the technical area in which they most need to improve their technical knowledge.

In descending order, other technical areas where internal auditors said they most need to improve their knowledge are the National Institute of Standards and Technology’s cybersecurity framework; social media applications; cloud computing; and Global Technology Audit Guide 16—Data Analysis Technologies.

Using tools. Computer-assisted audit tools ranked No. 1 on the list of audit process knowledge internal auditors said they most need to improve.

Data analysis tools occupied three of the next four slots on the list, as internal auditors want to improve at using them for data manipulation, statistical analysis, and sampling. “Auditing IT—new technologies” ranked No. 4 on the list.

Getting social. The percentage of respondents who said their organization addresses social media in its risk assessment grew from 49% in 2013 to 56% this year. Forty-six percent of respondents’ organizations address social media as part of the overall risk assessment process, while 10% address social media separately.

But just 25% said evaluating and auditing social media risk is part of their audit plan for 2014. That’s up from 20% in 2013.

“Companies are not doing enough to address social media risks and safeguards and, in turn, are facing undue exposure to significant risks to their business,” Christensen said.

Boards, management, and chief audit executives should be more active and vigilant in managing social media risks, he said.

Ken Tysiac ( ktysiac@aicpa.org ) is a JofA senior editor.

SPONSORED REPORT

Questions to ask before committing to the cloud

Cloud computing has its pros and cons. In this report, we answer common questions CPAs may have as they consider transitioning partially or fully to the cloud.

QUIZ

News quiz: IRS reopens an online service, but criticism endures

The IRS brings back the Get Transcript Online service, but the agency faces criticism for its handling of the aftermath of the event that led to the shutdown of the service. See how much you know about other recent news with this quiz.

CHECKLIST

Auditing risks in culture

Cultural flaws can seriously damage an organization. Here’s how internal auditors can reduce risks by embedding culture audits into existing audit programs.