Had the opportunity to speak at the Information Governance Forum 2017 organised by ISACA UAE Chapter. It was a great event in which the contributions of professionals in the fields of Information Security, Audit & Risk Management were recognized through ISACA Excellence Awards 2017.
My talk was on the challenges I face as a Chief Audit Executive on how to manage Technology Audits effectively in an ever changing IT environment.
2. AGENDA
• Challenges of Auditing IT Controls in an ever-changing IT environment.
• Auditor’s role in balancing customer convenience with the right controls around digital products.
• Blockchain and distributed ledger technology: What will this and other evolving topics mean for audit?
• How much of Technology Audit is enough to give a reasonable assurance to shareholders?
26 April 2017, IGF 2017, ISACA UAE Chapter
4. Challenges for the Board Audit Committees
Source: KPMG 2017 Global Audit Committee Pulse survey
Audit Committees’ Top Challenges for 2017
5. Challenges for the Internal Audit departments..
Source: KPMG – Internal Audit – Top 10 considerations for 2017.
6. IT Audits – Key Concerns
Source: Protiviti – IT Audit Best Practices Survey report.
7. So where does all this leave the Auditors?
• Auditors are in a perennial exploration to add value to the organisation while at the same time giving reasonable assurance on the control environment to the shareholders and Board of Directors.
• To achieve this, Auditors should:
  • have in-depth knowledge of the business and the macro risks
  • have a complete understanding of the underlying processes
  • analyse the risks involved at each step of the process
  • review the existing controls against each risk factor
  • provide quality audit reports to address the control gaps
  • be proactive in anticipating risks and help the business to be prepared in a timely manner against such future risks.
“EASY TO PREACH, BUT DIFFICULT TO PRACTICE”
9. Blockchains and the Auditor
• More than 700 Companies have entered the Blockchain arena, of which at least 150 have solutions at implementation stages (Source: PWC @ World Blockchain forum in UAE).
• Dubai has a Blockchain Strategy with a vision to have at least 1000 use cases implemented using Blockchain by 2020.
• Dubai Future Foundation & Smart Dubai Office lead the initiative.
• Banks under the UBF (UAE Banks’ Federation) are working on a concept of Blockchain-based KYC documentation.
• Banks are piloting use cases like Cheque validation, Cross-border remittances, Trade Finance & Logistics solutions using Blockchains.
10. Business Challenges..
• It is not just the auditors who face challenges to catch up with the rapid growth in technology.
• The Business always plays the catch-up game.
• Banking in particular is seeing a transformation with more Millennials coming to banks’ core customer bases.
“I want a Bank where everything can happen through my phone. I want a set of services that are exclusively designed for me. I do not want to browse through several screens or menus that are irrelevant for me”
- And all these I need to do from my phone, which is of course jailbroken…
“BALANCE BETWEEN SECURITY CONTROLS & CUSTOMER CONVENIENCE”
11. Balancing Controls & Convenience – say “NO” to one size fits all approach
Source- McKinsey Digital Survey 2016
12. Art of managing an effective IT Audit function..
• How many IT Auditors and how many IT Audits?
• IT Specific audits or Integrated audits?
• Continuous Auditing or Risk based Annual Audit plans?
• Can Audits leverage on Self Assessments (CSA)?
• Rely on external skills or develop internal skills?
• Can IT Audit be Outsourced or Co-Sourced?
“ANSWERS DEPEND ON THE TECHNOLOGICAL MATURITY & ORGANISATIONAL DYNAMICS OF THE ORGANISATION”
13. IT Audit Resource Organisation – the current status
Source – ISACA & Protiviti – 6th Annual Survey on IT Audit Best Practices
14. Conclusions
• Mapping of IT Audit deliverables to Business Goals is key to ensure Value Added Audits.
• IT Audit Functions, Internal Audit Departments & Board Audit Committees should be in sync on the key focus areas of Technology risks.
• Continuing Professional Education is mandatory for IT Audit Professionals at all levels to stay relevant in their profession.
• There is no “one size fits all” when it comes to recommending controls.
• IT Audit Function is out of its Infancy, but is yet to achieve maturity.
15. Thank You
LinkedIn – bijurs
Twitter – bijurs