Download presentation
Presentation is loading. Please wait.
Published byJesus Sweeney Modified over 11 years ago
1
1 K P M G L L P A D V I S O R Y Changes in the IT Audit Profession Stephen G. Hasty, Jr. National Partner in Charge IT Advisory Savannah, GA January 4, 2007
2
2 Changes in the IT Audit Profession Current Business and Regulatory Issues that Impact IT Auditors Skills Needed by Todays IT Audit Professional
3
3 Changes in the IT Audit Profession Current Business and Regulatory Issues that Impact IT Auditors
4
4 Perception of the IT organizations value Performance Almost 60% of organizations have either no process or only an informal process to measure realization of business benefits For 50% of companies, IT Governance was not an integral part of their organizations corporate governance COBIT and ITIL frameworks are used effectively by less than 20% of organizations Almost 50% of respondents had experienced at least one project failure in the past 12 months
5
5 Current Business and Regulatory Issues that Impact IT Auditors Current Business and Regulatory Issues that Impact IT Auditors, cont. Perception of the IT organizations value Cost Over 60% of organizations felt that the emphasis on cost targets & financial success criteria were about right in their IT outsourcing contracts, however, only 41% include financial measures in assessing overall benefits delivered by the outsourcing contract at the board level. IT Outsourcing is being selectively and partially reversed by some organizations – especially in the areas of IT architecture, planning, and project management Well over a majority of IT projects deliver on less than 75% of their business case benefits Almost 50% of respondents reported project failure costs ranging from $500k to over $5M
6
6 Current Business and Regulatory Issues that Impact IT Auditors Current Business and Regulatory Issues that Impact IT Auditors, cont. Business risks and regulatory pressures Fortune 1000 companies expressed key Privacy related concerns: Reputation damage64% Customer loss44% Privacy issues to grow in scope and scale87% High profile lawsuits expected55% Non-IT senior management involvement Non-IT senior management involvement Over 75% of senior executives say that they are not prepared to address new technologies, and over 80% are not prepared to address the manual workarounds produced by legacy systems The finance function is involved in IT investment decisions about 90% of the time
7
7 Current Business and Regulatory Issues that Impact IT Auditors Current Business and Regulatory Issues that Impact IT Auditors, cont. Post – SOX control misalignment Over-specification, lack of automation and controls IT controls posed the greatest challenge to 2005 SOX compliance efforts Over 70% estimated that more than 60% of their controls were manual Disparate underlying systems and processes Over 60 % of companies surveyed globally were using dissimilar systems and spreadsheets/manual processes in their financial reporting process Over 50% of the companies plan to implement a new IT system within the next 2 years
8
8 Current Business and Regulatory Issues that Impact IT Auditors Current Business and Regulatory Issues that Impact IT Auditors, cont. Sarbanes Oxley Impact Greater scrutiny of financial accounting and reporting processes Significantly Increased Focus on the IT controls impacting external financial reporting – general controls and application controls More focus on the end-to-end business cycles, such as order to cash, purchase to pay, customer relationship management, supply chain management Significantly increased focus on compliance and ethics
9
9 Current Business and Regulatory Issues that Impact IT Auditors Current Business and Regulatory Issues that Impact IT Auditors, cont. Changing Business Models Many different models – shared services, outsourcing and off- shoring. Significantly increased use of third parties for core functions Technology Changes ERP new releases; Business Intelligence; Service Oriented Architectures are delivering increased functionality and reporting capabilities. The way business processes function and the embedded control features are changing.
10
10 Changes in the IT Audit Profession Skills Needed by Todays IT Audit Professional
11
11 Skills Needed by Todays IT Audit Professional Sarbanes Oxley / Regulations Increased Knowledge of external financial reporting, accounting / audit requirements and financial reporting processes so that IT controls can be prioritized and evaluated in a manner that can be understood by key constituents – external auditors, CFOs and key finance managers. Increased understanding of compliance and ethics programs. Increased Understanding of legal and regulatory requirements – contractual responsibilities relative to Third Parties, data protection and privacy laws.
12
12 Skills Needed by Todays IT Audit Professional, cont. Changing Business Strategies and New Business Models Increased Knowledge of Business Objectives and Strategies so IT functions, capabilities and controls can be considered within a Business context and prioritized based on business impact. Increased understanding of alternative business models – e.g. outsourcing, off-shoring and shared services so that IT controls are understood and evaluated as the business model changes and relative to third party business relationships. Increased Knowledge of global business issues – population shifts, use of global business models, cultural and regulatory differences.
13
13 Skills Needed by Todays IT Audit Professional, cont. Technology Changes As technologies provide enhanced end-to-end solutions, an increased understanding of business cycles and concepts, such as order to cash, purchase to pay, customer relationship management, supply chain management – so that IT controls are considered and evaluated at the process level across the enterprise. Increased understanding of evolving technology trends – Service Oriented Architecture, Business Intelligence – so that IT control concepts are considered.
14
14 Skills Needed by Todays IT Audit Professional, cont. Audit Integration Increased Knowledge of IT Management and Control frameworks – ITIL, COBIT so that IT management and controls are understood from all dimensions and can be evaluated holistically. Knowledge of non-IT audit requirements, so that IT audits can be integrated with audits that have operational, financial or regulatory objectives. Communication skills to relate to a more varied set of constituents – Financial officers, legal counsel, third party relationships.
15
15 Presenters contact details Stephen G. Hasty, Jr. KPMG LLP (704) 371-5234 shastyjr@kpmg.comwww.kpmg.com The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. ©2006 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved.
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.