Internal auditors need to understand common technologies that enable remote work, the significant risks arising from remote access, and standard controls that prevent, detect, or remediate unauthorized access or sharing of information.

The COVID-19 pandemic prompted a significant increase in those working from home and the resultant risks relating to a mobile or remote workforce.

This guide supersedes the Global Technology Audit Guide (GTAG), «Auditing Smart Devices,» and broadens the scope to focus on a wider range of risks and controls related to a mobile workforce.

This guidance will enable internal auditors to:

• Define mobile computing hardware, software, and communication tools.
• Understand risks and opportunities associated with mobile computing.
• Understand components of remote access processes and related security controls.
• Understand the basics of auditing mobile computing, including specific controls that should be evaluated.

Explore best practices for maintaining and strengthening audit/stakeholder relationships, and examine how the adoption of technology solutions is critical for addressing the remaining remote audit challenges. This report offers options for sustaining a positive workplace culture to meet the new realities of the remote workforce.

Four steps to starting internal audit’s data analytics journey – Demystifying the world of data analytics.

This global brief helps internal auditors walk the data talk. It outlines the experiences of several internal audit leaders, and also provides recommended tools to guide internal audit functions along the way to drive efficiency, enhance coverage, and allow for the consideration of continuous auditing in certain scenarios.

Addressing business resilience is a challenge. But it is necessary to meet stakeholder expectations for deeper and broader strategic insights and to gain a sharper understanding of enterprise changes and priorities.

Now is the time for internal auditors to think and act boldly about the activities needed to help their organizations manage known and unknown risks.

Practice Guide – Recommended Guidance

Within the public sector, procurement is a huge expense funded with taxpayer dollars. Internal audit can provide assurance on the effectiveness of an organization’s plans and programs to procure goods and services with efficient practices.

This practice guide will help auditors understand public procurement, improve existing procurement processes, and offer advisory services that help organizations plan new procurements.

This practice guide helps auditors:

• Compare differing methods of public sector procurement.
• Examine several approaches and their benefits to auditing procurement.
• Identify contemporary, relevant procurement tools and techniques.
• Understand the impact of poor procurement on the entity/agency.

Minding the Gaps to Maximize Insights

The Internal Audit Foundation and Deloitte collaborated to create a Premier Global Research Study, “Assessing Internal Audit Competency: Minding the Gaps to Maximize Insights,” to complement the launch of The IIA’s Internal Audit Competency Framework.

The framework comprises 22 core knowledge areas across four professional pillars: Professionalism, Performance, Environment, and Leadership & Communication. It focuses on various standards, key proficiencies, and situationally specific competency levels: General Awareness, Applied Knowledge, and Expert.

The resulting comprehensive report outlines five key insights that help identify areas where gaps exist in competency and relevance to the auditor’s current position, as well as the perception of their ability to audit key digital technologies.

Business applications are crucial enablers of business processes and may comprise single software programs or a collection of hardware, firmware, and software applications operating as an integrated system. This GTAG helps auditors understand why it is important to provide assurance over business applications and how to identify and assess the relevant risks and standardized and system-specific controls when performing audit engagements.

This guidance will enable internal auditors to:

• Understand relevant risks and opportunities related to business applications.
• Gain a working knowledge of the full life cycle of a business application, from planning and development to support and management reporting, along with the relevant risks and controls.
• Become familiar with relevant guidance from three widely used control frameworks.
• Plan and perform engagements to provide assurance over business applications.