Technology is the most pervasive of today’s core business drivers, woven integrally into every aspect of the evolving global business environment.
Companies are spending big to acquire the data, software, and hardware that can best connect them to customers worldwide and give them the insights and efficiencies to outdo their competitors. But just suiting up with good IT isn’t enough. In the face of accelerating IT infrastructure demands, market pressures for constant technical evolution, and persistent IT security threats, businesses’ need for IT and information security assurance is profound.
In this environment, internal audit is in the spotlight. Executives, boards, and audit committees are looking for the function to step out beyond the spreadsheet columns of financial, ethics, and IT general controls and jump into the three-dimensional chessboard of today’s IT systems, networks, threats, and opportunities. They need Internal Audit to be proactive, throwing out checklists of IT audits they think they “should” be doing and instead engaging with stakeholders across the organization to discover exactly what they need to be doing to support the company and its business objectives. Through this type of engagement, Internal Audit can develop a big-picture understanding of the strategic, operational, reporting, and compliance objectives behind the company’s IT investments, and use that understanding to drive the IT Internal Audit risk assessment, audit plan, and resource allocation.
PwC's A. Michael Smith, Michael Corey and Jason Pett discuss transforming internal audit to drive digital value