Providing assurance for highly complex digital solutions challenges both management and auditors. But it’s an important way to establish trust. As society and organizations become more dependent on the reliability and security of these solutions, independent assurance becomes more relevant.
How do we know whether digital applications and solutions are sufficiently secure? Are the answers generated by algorithms honest and fair? Are we sufficiently resilient to cyberattacks and are we spending our money on the right digital solutions? These questions are extremely relevant for managers and supervisors of organizations as they must be able to account for their choices.
In a world where developments move at lightning speed and everyone is linked to everyone, accountability for the quality of digital applications is taking on new dimensions.
Reporting on technology governance
Traditionally, the management report is a form of accountability for policy, which is static in nature and part of the annual cycle. The board report could discuss the digital agenda, and it has recently been explored in certain countries whether an (external) IT audit “statement” can also be added. To date, only a few countries have regulations around the monitoring of technology and corresponding reporting. With the King reports on corporate governance, South Africa, for example, has the longest and most specific references to technology governance. Given the relevance and impact of digital solutions it seems logical also to report on the quality of technology governance in a dynamic and if possible, more “real time” way.
The complexity of information systems caused the emergence of the IT audit discipline in the late ‘80s. IT auditors initially focused on the quality of financial reporting systems; however, they also quickly deployed their knowledge in many other business domains. Independent technology assurance has developed hugely since then and become a relevant discipline in the control and compliance space. Bringing into play concepts of continuous monitoring and auditing makes it much more dynamic and relevant. Providing feedback to stakeholders based on actual real-time data improves the impact of the audit. Furthermore, technology helps the audit discipline to become more efficient and effective.
Common body of knowledge
Given the complexity of digital solutions, different experts often work together to resolve issues. This also applies to the control and assurance efforts. A common body of knowledge across the different areas of expertise helps in shaping a common language to work together effectively. Not only IT auditors should understand these basics: business and technology management and risk management also play a vital role in shaping secure and reliable information systems.