Fundamentals of IT Audit for Operational Auditors
Timothy McWilliams, CIA, CRMA, CISA
Cybersecurity and information technology (IT) issues are topics of great concern for executive management, audit boards, and audit committees. Failure to have the proper IT controls to protect confidential and sensitive data can result in fines, damage to reputation, loss of customers, business disruption, and financial loss.
The need for IT audits within an organization continues to grow as more processes are automated and risks associated with an organization’s use of emerging technologies increase. However, organizations generally have limited IT audit resources, and IT auditors are in high demand.
This book provides operational auditors and entry-level IT auditors with information that can be applied to understand the IT risk assessment process used to develop the annual audit plan as well as evaluate IT governance, IT general controls, and application controls—either individually or jointly with an experienced IT auditor. It also supplies auditors with knowledge to help create an awareness of operating systems, databases, and network infrastructure and devices that protect and support business operations.
In addition, the book offers useful details on emerging technologies such as artificial intelligence, robotic process automation, mobile computing, cloud, and blockchain technology. Included are examples of risk control matrices (RCMs) that can be used to evaluate IT and application processes and customized to the organization’s IT environment.
About the Author
Timothy McWilliams, CIA, CRMA, CISA, managed North American internal audit operations for a global manufacturing company for more than 13 years. In this role, he managed operational, manufacturing, IT, regulatory compliance, and captive finance internal audit staff in the United States and Mexico. He also provided support and training for global internal audit functions.