Cangemi Perspectives: What is the future of IT Audit?
Michael P. Cangemi a former CAE, CFO & CEO, is a Senior Fellow and Advisory Board Member of the Rutgers Continuous Auditing and Reporting Lab.
I am often introduced as a pioneer of IT Audit. However, there were a few others just ahead of me, so I prefer to say I was early in the second wave of IT Audit, i.e. circa 1970’s. At the time, our initial audit reports made quite an impact and led to the development of the IT Security profession as the frontline of defense. Recognizing the need for general computer controls and the need to audit the data using computer assisted audit software were remarkable accomplishments.
ISACA, founded in 1969, was just getting started and I was involved early in the development of their publications, as well as, IIA’s publications on IT Audit. Recently ISACA completed a major survey and published a Research Brief: The Future of IT Audit. This research shows that ‘IT auditors are increasingly becoming an integral part of or strong partners to organizations’ technology teams’.
The key findings of the research, which surveyed 4,928 CISA’s worldwide are as follows:
- Auditors are increasingly involved in enterprise technology projects
- Auditors’ technical skills must increase as audit automation increases
- Technology’s impact on staffing size is uncertain
- IT audit leadership is tech savvy, but an executive-level technology skills gap exists
The research is well worth a read. My observations are as follows:
The IT audit profession continues to evolve, expanding their scope of work and importance. It is not a surprise they exhibit optimism over their future. Most believe staff sizes will increase but ‘Auditors are split on whether AI will replace all or some of the role of the IT auditor in the next three to five years, with 37 percent saying it is likely, and 42 percent saying it is unlikely’.
Writing on the survey, Brennan P. Baybeck, Vice Chair of ISACA board and Vice President of Global IT Risk Management for Oracle Corporation, said, “While IT auditors have a proud, longstanding tradition of making strong contributions to their organizations, auditors are seldom known for being on the leading edge of pursuing new technical capabilities or finding innovative approaches to performing their work. That will need to change, at least to some extent, if IT auditors are going to remain indispensable in a future in which automation, artificial intelligence and other emerging tech trends will dictate changing roles for auditors and, in some cases, potentially put auditors’ roles in jeopardy.”
The survey reports a continued strong demand for technical skills and an increasing need for data scientists on the IT audit team. Due to cyber security’s current notoriety, IT controls and security work has the C level’s attention. In my view this will fall mostly to the front line IT security engineers. The real opportunity for IT audit now is the continued expansion of continuous audit with independent CAATs using data analytics for insights that would astonish the early IT audit pioneers.
Note: The opinions expressed in this article are solely those of the author.
About Michael P. Cangemi
Michael P. Cangemi is a senior fellow at Rutgers University and serves on the Rutgers Continuous Auditing and Reporting Lab Advisory Board. A former CFO and CEO, a prolific writer, active speaker and senior advisor to various companies, Mr. Cangemi now focuses on providing continuous auditing, continuous monitoring and analytics intelligence for GRC, Finance and Business Process Improvements. He serves on FEI’s Committee on Finance & Technology (CFIT) and their GRC Sub Committee; the EDPACS Editorial Advisory Board; and the Lukka Audit Advisory Board focused on auditing blockchain. His book Managing the Audit Function 3rd Edition was published by Wiley and has been translated into Chinese and Serbian.
Click to watch the video: How an IT auditor transformed their role and ultimately the organization with the use of IDEA data analytics.