IT Governance Assurance and Consulting: A Compelling Need for Today’s IT Auditors

Abstract

Board members and executive management are actively involved in providing IT strategic direction, enabling the achievement of business objectives, ascertaining that IT related risks are managed appropriately and verifying that enterprise IT resources are utilized responsibly. They have become more and more interested in ensuring strategy alignment of IT and business, risk optimization and resource optimization. IT has become an intrinsic and pervasive component for sustaining and extending enterprises’ strategies and objectives compelling today’s IT auditors to go beyond the traditional IT audit roles of application control reviews (ACRs) and general control reviews (GCRs), IT projects advisory and information security reviews to include IT governance assurance and consulting. Today more than ever IT auditors need to provide consulting and assurance services on enterprise governance of IT. Auditing the screws and spanners of Information Technology (IT) and passwords only has become less crucial to business and the audit committee. IT auditors can use frameworks such as COBIT 5 as guideline to ensure that organizations implement effective enterprise governance of IT.