With increased focus on cyber-security and consequently efforts by enterprises to ensure resilience against cyber-attacks and data breaches, it is critical that IS audit techniques evolve to ensure its continued importance and effectiveness as an independent assessor of an organisation’s control environment.