This presentation will cover the following scope:
• The IT risk management process
• IT risk management roles and responsibilities
• Performing the IT risk audit
• Example controls for auditing IT risks
• Example tools and techniques for enhancing auditor IT risk knowledge and skillset
Information technology (IT) risks are business risks due to utilization of information technologies —specifically, the business risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise. It consists of IT-related events and conditions that could potentially impact the business. These IT-related events and conditions grow in size and sophistication as enterprises enhance and expand their adoption of technologies.
The goal of auditing information technology risks is to provide assurance that IT-related enterprise risk does not exceed risk appetite and risk tolerance; the impact of IT risk to enterprise value is identified and managed, and the potential for compliance failures is minimized.