Internal auditors need to understand common technologies that enable remote work, the significant risks arising from remote access, and standard controls that prevent, detect, or remediate unauthorized access or sharing of information.
The COVID-19 pandemic prompted a significant increase in those working from home and the resultant risks relating to a mobile or remote workforce.
This guide supersedes the Global Technology Audit Guide (GTAG), "Auditing Smart Devices," and broadens the scope to focus on a wider range of risks and controls related to a mobile workforce.
This guidance will enable internal auditors to:
- Define mobile computing hardware, software, and communication tools.
- Understand risks and opportunities associated with mobile computing.
- Understand components of remote access processes and related security controls.
- Understand the basics of auditing mobile computing, including specific controls that should be evaluated.