The importance of Internal Audit in IT

Posted by | November 5, 2014 | Big 4 Accounting firms, Internal Audit, Latest Audit Information & News, Risk Audit

According to Dave Roath, IT risk and security leader at PwC US and her colleague at the firm Carolyn Holcomb who is the data protection and privacy practice leader, businesses need internal audit to take the initiative and be more involved in the entire life cycle of data.

In their opinion, the rise of emerging markets, privacy, cyber security, changing consumer and market demands, rapid shifts in global laws and regulations and heightened investor pressures have produced a new environment of uncertainty, complexity and risk.

To confront those new realities, management, audit committees, boards, and other stakeholders have begun asking internal audit (IA) to provide them with comfort as well as insight into these risks. However, it is becoming increasingly difficult for IA departments to staff the requisite skills to effectively meet stakeholder demands.

Nowadays, as we can figure, technological change and information technology (IT) risk is one of the main concerns for leading companies’ executives.

For example, in December 2013, hackers stole 40 million credit card numbers from the records of a retail giant. A month earlier, data from some 152 million user accounts had been stolen from a major technology company, along with source code to several of the company’s software products. Consumers’ expectations also continue to evolve. Related to this, TRUSTe 2014 U.S. Consumer Confidence Index (registration required) showed that 89% of consumers say they avoid doing business with companies they think do not protect their privacy on-line.

These recent troubles caused that many organizations have been scrutinized by regulators for privacy concerns. For example, regulators closely monitor how companies collect, store, use, share, and destroy data, and whether or not they are complying with their own privacy notices.

However, threats arise not only from beyond company walls but also from within the corporate sphere. Beyond the potential for catastrophic data breaches and privacy incidents, businesses are also concerned about the broader disruptive effects of technological change, including the potential for system failures, exposures stemming from cloud storage or mobile device usage, third-party data risks, reputational risks from social media, and the tendency of rapid innovation to drive customer demand and thereby shorten the shelf life of new products and services.

According both internal and external threats, Internal audit will help their company understand, monitor and mitigate IT related risks of all kinds, but also will help to check if companies’ IT, privacy and information security strategies are aligned with the business’s strategy.


For jobs with some of the leading international consulting firms across the world as well as tier one multinationals, please contact Audit International on 0041 4350 830 95 or else email your current cv to



1266 total views, 1 today