Emerging technologies bring opportunities to organizations, but they also expose the enterprise to new risk

1. Emerging Technology and Role of the
Internal Auditor
Technology is evolving at an unprecedented pace. Corporate entities strive to
improve service delivery and consequently customer satisfaction through
heavily investing in modern technology and reliance on automation like smart
automatic teller machines, point of sale devices, contactless debit and credit
cards, mobile phone applications etc. Resultantly, the same has opened
computer networks to unprecedented levels of vulnerabilities and risks
including cyber-attacks.
Albert Einstein said; “The measure of intelligence is the ability to change” -
This implies that internal audit and quality assurance functions need to identify
and focus on emerging risks. Internal audit should ensure that the risk
assessment and audit planning process adequately incorporate emerging
technology risks, understand the impact on the audit plan and update the plan
as appropriate, but most importantly recognizes where internal audit can add
value.
Moreover, internal auditors must step away from the traditional reactive role
and embrace a more proactive role if they are to give reasonable assurance
that the Governance, Risk and Control aspects are effective in risk mitigation
and adequately safeguard company assets. They should not be functioning
solely; but rather collaborate with different departments within an organization.
Even though majority of the internal audit teams have transformed
themselves, there are still a few that need to adopt these changes. Working
closely with various departments within an entity will help in addressing the
emerging threats arising from the technological advancements throughout the
organization.

2. How can internal auditors help in tackling technological risks?
 Make use of technology-enabled auditing and continuous auditing techniques to
monitor controls over areas that are more susceptible to fraudulent actions.
 Collaborate with department heads and business owners to ensure
organizational standards and the relevant laws and regulations are taken care of
while establishing vendor relationships.
 With mobile applications, bring your own devices (BYOD) and cloud computing
creating novel risks, internal auditors have the responsibility to identify, assess
and monitor these risks appropriately, with the assistance of executive
management and business owners. Clear IT access and security policies and
controls must be developed and communicated to all stakeholders. With this,
security and privacy risks can be avoided to a certain extent.
 Also, Internal Audit professionals are expected to be equipped with sufficient
knowledge and skills to perform audits in line with these technology disruptions
and recommend feasible and cost effective controls for improving the risk
posture, putting in mind that these changes can either be positive or negative:
Positive in a sense that business are reaping the benefits of these technologies
through increased efficiencies, and negative in a sense that they may be
implemented in a manner that imperils profitability, data protection and security.
Conclusion
Emerging technologies bring opportunities to organizations, but they also
expose the enterprise to new risk. Auditors are expected to identify the right
balance between cost and benefit of internal controls for mitigating these risk
factors. This includes understanding how technology integrates with business,
how it is governed, which activities are automated and how they are
controlled, what the business impacts are because of this automation, and
how negative impacts are controlled and monitored. I personally believe that
Internal Audit professionals will continue to be in demand due to their strategic
position in organizations’ lines of defence.

3. Emerging Technology and Role of the
Internal Auditor
HLB HAMT
Level 18, City Tower-2,
Sheikh Zayed Road
PO Box 32665
Dubai – United Arab Emirates. Tel: +971 4 327 7775
E-mail: dubai@hlbhamt.com
www.hlbhamt.com