AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

IT auditing and cyber security

IT is a broad term that is concerned with managing and processing information. It affects an organisation's strategy, structure, marketing and operations. Areas encompassed by IT that relate to internal audit include:

  • IT governance
  • information security
  • system development and implementation
  • business continuity
  • networking and telecommunications.

Internal auditors are increasingly being expected to provide assurance that their organisation is managing the risks new technologies present. Our series of guidance examines the key issues. 


Artificial intelligence

Considerations for the profession of internal auditing

Organisations are investing in artificial intelligence research and applications to automate, augment, or replace human intelligence. Internal audit is well-suited to be a key contributor to an organisation’s artificial intelligence related activities. Whether lending advice on implementation or providing assurance on reliability, internal audit can positively influence the adoption of artificial intelligence.

This report on artificial intelligence is part one of a three-part series from IIA Global and outlines five critical and distinct internal audit activities related to artificial intelligence.

Read more about artificial intelligence

Artificial intelligence – auditing framework, practical applications (part A)

Part two of the three-part series from IIA Global on artificial intelligence which will help internal auditors approach artificial intelligence advisory and assurance services in a systematic and disciplined manner. This report describes the framework’s components and elements, and provides practical recommendations for implementation.

Read more here

Artificial intelligence – auditing framework, practical applications (part B)

Internal auditors must know how AI works, understand the risks and opportunities AI presents, be able to determine if AI outcomes are as expected, and be capable of recommending corrective actions. This is the third and final part of the series from IIA Global on artificial intelligence.

Published: January 2018


Cloud computing

The main concern about cloud computing is the fear that it might be insecure. Sensitive data may be open to change, loss and theft.

Read more about cloud computing


Cyber security

Cyber security is concerned with minimising any risk of financial loss, disruption or damage to the reputation of an organisation that arises from the failure of its information technology systems.

Read our guidance on how to audit cyber risk and our short board briefing. IIA Global have also published a paper on what board directors need to ask about cyber security and a Global Knowledge Brief on Cybersecurity in 2022


Data analytics, data mining and big data

If you work in an environment that uses big data, you'll need knowledge of data analytics, statistical modelling and IT security in order to provide assurance in this area. This guide explains the key concepts and provides questions for internal audit to consider.

Read more about big data

IIA Bulletin: Cloud security, insider threats, and third-party risks

Ten questions internal auditors should be prepared to answer.

Published: August 2019

Data analytics mandate: Part 2

Part 2 dives into the strategies, tools, and tactics for building a comprehensive data analytics programme that can deliver enhanced audit services.

Published: July 2019

Data analytics mandate

Balancing all the requests of your internal business units is vital for the success of your internal audit data analytics function. Learn how to build a data analytics function that enhances audit service delivery.

Published: June 2019

Integrating a data driven approach

Learn the basics of building data analytics into the internal audit methodology.

Published: October 2018

Good practices for (smaller) internal audit functions

This analytics report from IIA Netherlands seeks to provide practical applications of analytics, particularly smaller internal audit functions by assessing experiences, needs and leading analytical practices.

Published: August 2017

Digital governance

The global pandemic has demonstrated how effective digital strategy and platforms can provide both strong business development and business continuity, but also how reliant organisations have become on a safe and efficient digital infrastructure. A key part of the robustness of this infrastructure is how well it is governed.

Read our guidance on what good digital governance looks like and how to evaluate it


General Data Protection Regulation (GDPR)

With GDPR coming into force on 25 May 2018, organisation need to take action now. Internal audit should be involved at all levels, to help management better understand and mitigate the related risks.

Read our guide and handy self-assessment table


GTAGs: guides on technology risks and controls

IIA Global's Global Technology Audit Guides cover technology-related risks and recommended practices. Each GTAG covers a specific risk and describes the type of controls that can be implemented and tested.


Impact of digitisation on the internal audit function

As businesses transform, internal audit needs to keep pace with developments. This will impact not only the type of internal audits undertaken and the way assurance is provided, but the skills required and the audit methodology itself. 

Read our guide and be ready

5G and the 4th Industrial Revolution - Part II

Building on Part I this report continues the important examination of what could be one of the most influential and disruptive technological advancements of the 21st Century.

Published: July 2019

5G and the 4th Industrial Revolution – Part I

Part one of a two-part series, looks at keys issues that are bound to arise once 5G is a reality. The report seeks to prepare organisations for the potential impacts of 5G so they can proactively address the issues.

Published: May 2019

Internal audit in the age of disruption

By focusing on assurance, engaging with subject-matter experts, investing in training and disruptive technologies, putting new technologies to work, and providing insight into emerging risks and opportunities, internal audit may be seen as a key asset in helping the organisation to harness the power of disruption.

Published: January 2018


Want to become an expert in IT auditing?

We offer a few services that will help you specialise in this area:


External resources

There's an array of online resources that can help organisations develop, manage and secure IT, some of which are focused upon the identification and assessment of risk.

International Standards Organisation
A range of standards relating to IT governance and business continuity. Perhaps the most well known of these is the ISO27000 series that provides a process approach to establish a risk based information security management systems (ISMS).

Information Systems Audit and Control Association
ISACA has designed an IT governance model known as Control Objectives for Information and related Technology or CoBiT. Its website includes both information and computer assisted audit techniques, some of which can be downloaded for free.

UK Department for Business Innovation and Skills
Advice on policy to embed good information security practice within the UK business community.

Content reviewed: 24 May 2024