Abstract
Advances in information technology (IT) present important new organizational risks, and the assessment and management of these risks may involve a variety of groups, including internal auditors, external auditors, in-house IT experts, and outside consultants. To begin to understand how organizations are addressing their IT risks, this exploratory study examines the IT-related activities of one group—internal auditors. Information gathered from over 100 internal audit directors indicates that internal auditors focus primarily on traditional IT risks and controls, such as IT asset safeguarding, application processing, and data integrity, privacy, and security. Much less work is done on system development and acquisition issues. Several factors are associated with internal auditors' performance of IT evaluations, including the nature of the audit objective, the prevalence of computer audit specialists on the internal audit staff, and the existence of new computerized systems. To supplement these results, we encourage further research on the efforts of other groups in addressing IT risks.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
