Internal Audit and Emerging Technology: The future of IT Audit

Midhun Menon P


HLB HAMT - Accounting Firm in UAE

Phone:- +971 4 327 7775
Mobile:- +971 52 830 7998
WhatsApp:- +971 56 219 1607

    Schedule a Consultation

    Technology is both a blessing and a curse. During COVID lockdowns, many office workers have begun to work remotely, and businesses of all sizes have begun to market their products online. Virtual meetings became commonplace. Everyone learned to live and work in a more remote world.

    While some people find the opportunities that technology creates endlessly exciting, others (often those in charge of monitoring, controlling, and ensuring that it is used safely, ethically, and by regulations) find it incomprehensible and threatening. Many internal audit teams have been struggling for several years to find people with IT audit expertise, and they are now under increasing pressure to use more technology, more effectively, in their audits. The rapid emergence of new technological developments, from AI to blockchain, adds to their concerns.

    However, the complexity of auditing emerging technology in a new digital age should not be underestimated. Internal audit processes and methodologies that have been tried and tested are not obsolete. Internal auditors must comprehend what existing and emerging technologies do in their organizations, as well as what they will do in the future. They must also be aware of potential risks and gaps in assurance.

    They can, however, accomplish much of this without specialized IT skills; as with all internal audit engagements, curiosity, imagination, and the ability to ask the right questions of the right people are essential. External assistance can be obtained for specialized areas, but all internal audit teams are likely to interact with emerging technology in some form and should take the time now to consider what this means for their business and audits.

    Technologies in Development

    Most internal audit teams are becoming acquainted with auditing technology that allows for remote work and well-established corporate IT systems, and many are beginning to use data analytics and Big Data to inform their audits. However, it is now critical to keep an eye on emerging technologies, which are still relatively uncommon but are expected to develop rapidly. Internal audits must stay one step ahead of any risks or assurance gaps that arise because of these risks.

    A recent survey of attendees at a Wolters Kluwer webinar on emerging technology found that 20% were using robotic process automation (RPA), 12% were using artificial intelligence (AI), and 3% were using blockchain technology. Significantly, half of the attendees said their organizations were not yet using any of these, while 15% said they were using more than one. Given how quickly technology advances, internal audit must understand what this means for their business, but most still have time to prepare.

    Other examples range from virtual reality, the internet of things, bioinformatics, and natural language processing to quantum computing and 5G. RPA, AI, and blockchain are the most widely used and well-established, so these are the ones that internal auditors are most likely to have to audit shortly.

    Internal auditors may be called upon to evaluate the strategic decision-making process when a company adopts new technology, but their work will be similar to that of other large corporate decisions. The main audit challenges are assessing any new risks that an emerging technology introduces into the organization once it is implemented, as well as how management monitors and controls these risks. As a result, the internal audit team must understand what the technologies will be used for, how they will be used, and by whom.

    Risks associated with RPA

    Risks associated with RPA, which is used to automate frequently repeated processes that are critical for day-to-day business, include inappropriate process selection, incorrect configuration, unexpected costs, security, inadequate performance, and change management.

    One application of RPA could be a chatbot designed to filter common customer questions. Incorrect configuration may cause the bot to delay passing customers who require additional assistance from human contact, alienating customers. Inappropriate processes may imply that a bot is used to answer questions that may indicate fraud or involve sensitive information that requires individual thought and attention.

    Similarly, an RPA system may incur unanticipated costs if, for example, a bot replaces call center staff but then necessitates specialized maintenance and more skilled and expensive personnel to manage it. Other internal audit considerations include whether a bot handles sensitive data that is subject to privacy or other regulations and whether it regularly connects to organizations outside the corporate firewall, introducing new risks of breaches or misused data.

    The sheer volume of data passing through an RPA system may necessitate the addition of new safeguards and checks. On the other end of the spectrum, it’s critical to monitor whether the system is functioning properly—that is, whether it can connect to all of the internal systems that it requires to provide meaningful, accurate answers to questions. The internal audit could also look at whether the IT team has enough experience, training, and resources to manage it.

    The administration of an RPA system may also pose a risk. If it is used to automate an area where frequent changes are made, it may necessitate additional layers of processes each time, adding time, complexity, and the risk that people will cut corners.

    AI’s most common risks

    AI introduces a new set of risks. Data system use numerous resources and as a result, more entry points and connections are formed, thus enhancing the potential risks. Physical risks may also exist if an organization uses AI in products such as autonomous vehicles or to detect when heavy machinery requires maintenance. AI could also be used to diagnose medical problems. If it is improperly configured or malfunctions, it may cause harm to people before the problem is identified.

    Some risks overlap with those associated with other types of emerging technology; for example, data privacy is likely to be important when employing AI. Internal auditing should ensure that data used and shared have the explicit consent of data providers. Is this configured correctly and adequately controlled?

    There have also been reports of AI systems being primed with data, which results in inherent bias. If a system is designed using data collected over a long period and is configured to make decisions based on prior rationale, it is likely to make similar decisions, which may reflect observed human biases from that period. This increases the likelihood that a company will not only shortlist the wrong candidates but will also suffer reputational damage and possible legal costs. Internal auditing should look into how this is being tracked and whether bias is being identified, managed, and corrected.

    Internal audits should also inquire about how the AI system can be modified if external circumstances drastically change. AI is designed to evolve and adapt, but only within the parameters that it is given. If the world changes quickly, as it did when the pandemic began, new parameters may be required.

    Both intentional and unintentional failures must be considered. The more powerful and connected a system is, the more destructive it can be if misused, putting trade secrets, plant operations, and security at risk.

    Common risks for Blockchain Technology

    Blockchain’s strengths can also be its weaknesses. The inability to reverse transactions or access data without the necessary keys makes the system secure, but it also means that organizations must follow specific protocols and management processes to avoid being locked out and to have clear contingency plans.

    Interoperability is essential for blockchain; it must be able to communicate with multiple internal and external systems. Internal audit must gain assurance that it can do so and that it is thus functioning properly. Because operating through network nodes exposes the organization to cyber-attacks and data hacks, security concerns are paramount.

    Internal auditors should also ensure that the organization has the necessary data management processes in place and is in compliance with all applicable regulations. Because the regulatory landscape for blockchain is still evolving, audit teams should ensure that compliance managers are constantly monitoring developments and adapting processes accordingly.

    Further risks stem from the organization’s transactions with unknown external organizations; auditors should inquire whether this could expose them to, for example, violations of anti-money-laundering legislation.

    Programs for scoping out Emerging Technologies

    All emerging technologies rely on interactions with internal and external systems. With each new connection, new risks are introduced. This is an evolution of the risks that internal audit considers when auditing existing IT systems, but the volume of data and system complexity are novel.

    Furthermore, internal auditors should be aware of the critical importance of adequate security and backup procedures for encryption and keys.

    Some emerging technology is governed by existing regulations, such as those governing privacy, but much remains unregulated or only lightly regulated. Internal auditors should expect regulations to change quickly.

    Finally, rather than being distracted by their focus on emerging technology, internal audits should continue to monitor the overall health of their organization’s IT as usual. It is critical to find ways to blend how old and new IT risks are constantly monitored.

    When asked what the most important factor was to consider when planning and scoping an audit of emerging technology, 62 percent of Teammate webinar attendees said it was aware of the risks introduced by technology. Their next most important concern was the alignment of new technology with enterprise strategy (23%), while 10% were concerned about a lack of subject matter experts.

    Three-quarters of webinar participants said they currently outsource or co-source support for emerging technology audits. According to Jae Yeon Oh, one of the advantages of co-sourcing is that the audit team can learn from working alongside those with more experience. Only 11% of attendees had auditors with experience auditing emerging technology, and 23% admitted they did not audit it at all.


    Would you like to rate us on Google?         


    Varun R Chandra
    Varun R Chandra
    07:38 25 Apr 21
    HLB Hamt is highly recommended! They have the quality of services that would satisfy your needs. I'm glad I found them.
    Giuseppe Assi
    Giuseppe Assi
    06:20 31 Jan 21
    Mohamed Sheriff
    Mohamed Sheriff
    16:16 28 Jun 20
    Experience with HLB Hamt in audit experience is great pleasure. They deploy well qualified accounts team for audits.... And the amount of checking they perform give the management of the company confidence that internal controls are well in place. We are glad to see they have high standard of audit more
    218141 JOSEPH THOMAS
    218141 JOSEPH THOMAS
    16:20 23 Jun 20
    Professionally managed firm with commitment to the engagements taken. My company and its group are assigning our... requirements for last 12 years to HLB and we don’t have any negative remarks on any more
    07:14 23 Jun 20
    In my opinion, HLB Hamt is one of the best professional firms in UAE after big4. Excellent client service, professional... and competent staff and timely delivery are their strength. Over the years they have developed the infrastructure and skill set to handle multiple verticals ie, audit, tax services, consulting, IT support etc.Wishing HLB Hamt team all the very more
    08:28 21 Jun 20
    Thank you Team HLB hamt...Your internal auditing team put the good amount of time and inputs in helping the... organisation making considerable improvements throughout the organisational working structure and helps in building the better more
    Maharajan Subramaniam
    Maharajan Subramaniam
    18:17 06 Jun 20
    High-Performing IT Teams, I'm impressed with the knowledge level of their deputed staff, audit procedures, and... checklist adopted. Mr. Vimal especially understand the requirement and provide solution not only technical feasibility and also considered budgeting. We’re confident in their more
    Mohammed L
    Mohammed L
    08:07 05 Jun 20
    We have been working closely with them on payroll services for quite sometime.They provide very professional... services,experts in domain and excellent support. Would recommend more
    06:32 04 Jun 20
    Very professional team. Vimal has always given us good solution advice for various Software and IT Infra projects. We... are very Extremely satisfied working with him and his team. Wishing them more
    Basil Daniells
    Basil Daniells
    05:55 03 Jun 20
    I have worked with HLB as a partner of Sage for about 2 years, they were dedicated to the success of the partnership... and kept aligned with the business plan that was agreed between our two companies. They are always ready to go the extra mile for a customer and don’t shy away from challenging circumstances. Keep up the good work and wish you all the success in the more
    Amar Kashyap
    Amar Kashyap
    19:28 02 Jun 20
    Team of well qualified and organised professionals. Their reports are not based on numbers first they will understand... their client and their business. They are highly recommended and trust more
    Radz de Jesus
    Radz de Jesus
    16:03 02 Jun 20
    We're glad to have found HLB Hamt to conduct the IT audit and risk assessment for our organization. We have learned a... lot from their team during that first project. And since then, we've continued to be in touch with them. Mr. Vimal especially is very good at presenting technical concepts in simple yet interesting ways that non-IT and business people alike would easily catch. We are very happy with the professionalism and quality of service they provide. They leave their clients nothing short of satisfied. Highly more
    Next Reviews

    Get in touch

    Share to:

    Copy link:

    Copied to clipboard Copy