Audit IT without IT audit staff

In the early 1990s auditors (internal or external) never really looked inside the IT infrastructure of a company and it was treated like a black box. During an audit transactions were audited as if the IT applications did not exist. Then came the wave of specialised IT audits who could open the black box and identify numerous new risks associated with the complex workings inside the servers, computers and applications used. The financial/operational auditor could never really understand these risks and full reliance was placed the IT auditor. However, in…

Read More