Reflection IT

Understanding the IT Environment

Upon reflection, technology has changed enormously and I have learned that without technology
some of the organisational objectives that have been achieved would not have been possible. My
contribution to this is, I developed an automated internal audit workpaper tool using Excel and VBA
which is mainly used by the school auditors in undertaking compliance audits. This for me was one of
my greatest contributions of which I am most proud of.

IT Risks and Controls

One of the biggest aspects of my job is to perform IT audits which examine IT systems to ensure that
assets are being safeguarded and data is being protected. A big challenge for this is recognising
where the risk is and what control would mitigate, lower or remove the risk. Personally I have found
the “Onion Model” (Capgemini, 2015) to be one of the most useful tools to visualise “where” risk
can be found and “where” layers of controls need to be implemented. I have found the IIA GTAG
book series to be invaluable and especially useful for “what” IT controls are needed whether it be
application controls, IT general controls or IT management controls.

IT Audit Process

With respect to the IT Audit Process I feel that it is better value to combine IT Audit into financial and
process audits. The integration of IT audit allows techniques such as Computer Assisted Audit
Techniques (CAATS) to be utilised to add value to test sample data accuracy, completeness and
reliability.

IT Governance

In my organisation, internal audit only plays a small part in IT Governance and this is mainly for
providing compliance and assurance or as a post mortem role to projects that have failed. Personally
I would like to see internal audit play a greater consultative role and this may prevent governance
issues.