Some of you may not know this, but earlier in my career I was an IT auditor (starting with Coopers & Lybrand). In fact, I was a bit of a techie and trailblazer when it came to understanding how the operating and related systems could affect the operation of applications and, thereby, business operations.
I had some fun with this when the IT audit leaders in France contradicted me. I wrote a simple RPG ii program then compiled and ran it twice. I changed a couple of lines in the Linkage Editor so that the results were different.
Anyway, IT audit has been a passion of mine for many years.
So, when I saw that Deloitte has published a piece, The Future of IT Audit[1], I was interested.
Here are some excerpts with my comments:
- In a world where everything from automotive to banking relies upon technology, IT audit methodology needs to change. The future of IT audit should align itself with IT’s new strategic role and to act as an adviser, not solely an auditor.
Comment: being an auditor is being an adviser. That should not be a change.
Comment: what may need to change is that a larger percentage of the audit plan and staffing should be on technology-related risks and opportunities.
- As boards are recognizing a paradigm shift wherein IA takes on a strategic role, they expect IT not just to keep pace, but also to…