Internal audit cannot avoid thinking about and planning for emerging technology such as blockchain; that technology is real and its coming full steam ahead which is something we all need to take seriously as professionals. The biggest questions are how to get educated about blockchain, how to identify and assess risk, and how to know if process controls in this new blockchain world are designed effectively and efficiently.
If your organization intends to manage some or all its business on blockchain, then it’s no longer just the IT auditors’ scope, internal auditors needs to understand the risks and controls in keeping financial transactions in the blockchain – for financial auditors, operational auditors need to understand how blockchain replaces parts of workflow and process and the IT auditors need to understand the security and API frameworks that accompany blockchain.
We are also moving toward more real-time auditing and continuous monitoring of the business, which requires implementing strong data analytics programs. While you are at it, figure out how to audit artificial intelligence, robotics process automation, and blockchain. Then when you figure that out, start using those technologies to make your team better, smarter, faster.
In this evolving environment, it is more important than ever for the key players in the auditing ecosystem —auditors, audit committees, and management—to have a strong grasp of roles and responsibilities. As the use of emerging technologies in the reporting process increases, it becomes less likely auditors can design traditional substantive tests (e.g., test of details or substantive analytical procedures) that, by themselves, would provide sufficient appropriate audit evidence that respond to identified assertion-level risks.
A core strength of the auditing profession is the assessment of risks and controls. As they address the challenge of assessing technology risk, auditors can and should focus on the following:
- Auditors should gain a holistic understanding of changes in the industry and the information technology environment to effectively evaluate management’s process for initiating, processing, and recording transactions and then design appropriate auditing procedures.
- Auditors, as appropriate, should consider risks resulting from the implementation of new technologies and how those risks may differ from those that arise from more traditional, legacy systems.
- Auditors should consider whether specialized skills are necessary to determine the impact of new technologies and to assist in the risk assessment and understanding of the design, implementation, and operating effectiveness of controls.
In conclusion,while emerging technologies can bring about great opportunities and efficiencies for a business, they also bring with them new challenges. An understanding of these emerging technologies and an awareness of the benefits and risks they present to financial reporting is essential for auditors, management, and audit committees to discharge their respective responsibilities.
Shared by IIA Nigeria Media/IT Coordinator.
Join IIA Nigeria today to advance your internal audit professional career.
For further details, see below.