Ideagen advert Workiva advert TeamMate

IT auditing and cyber security

IT is a broad term that is concerned with managing and processing information. It affects an organisation's strategy, structure, marketing and operations. Areas encompassed by IT that relate to internal audit include:

  • IT governance
  • information security
  • system development and implementation
  • business continuity
  • networking and telecommunications

Internal auditors are increasingly being expected to provide assurance that their organisation is managing the risks new technologies present. Our series of guidance examines the key issues. 


Cloud computing

The main concern about cloud computing is the fear that it might be insecure. Sensitive data may be open to change, loss and theft.

Read more about cloud computing


Cyber security

Cyber security is concerned with minimising any risk of financial loss, disruption or damage to the reputation of an organisation that arises from the failure of its information technology systems.

Read our guidance on how to audit cyber risk

Read our short board briefing 

IIA Global have published a paper on what board directors need to ask about cyber security


Data analytics, data mining and big data

If you work in an environment that uses big data, you'll need knowledge of data analytics, statistical modelling and IT security in order to provide assurance in this area. This guide explains the key concepts and provides questions for internal audit to consider.

Read more about big data


GTAGs: guides on technology risks and controls

IIA Global's Global Technology Audit Guides cover technology-related risks and recommended practices. Each GTAG covers a specific risk and describes the type of controls that can be implemented and tested.


Want to become an expert in IT auditing?

We offer a few services that will help you specialise in this area:

  1. Develop your expertise in IT by taking our IT Auditing Certificate, which is designed for qualified internal auditors.

  2. Take one or both of our courses on information systems auditing. We offer an introduction course and an advanced course on this subject.
  3. Join the Information Security Special Interest Group which supports practitioners working in areas of computer audit and information security.

External resources

There's an array of online resources that can help organisations develop, manage and secure IT, some of which are focused upon the identification and assessment of risk.

  • International Standards Organisation
    A range of standards relating to IT governance and business continuity. Perhaps the most well known of these is the ISO27000 series that provides a process approach to establish a risk based information security management systems (ISMS).
  • Information Systems Audit and Control Association
    ISACA has designed an IT governance model known as Control Objectives for Information and related Technology or CoBiT. Its website includes both information and computer assisted audit techniques, some of which can be downloaded for free.
  • UK Department for Business Innovation and Skills
    Advice on policy to embed good information security practice within the UK business community.
Content reviewed: 1 June 2017

Technical question?

Name: Email: