Internal Auditing Must Take a Lead in Meeting the Risks from Future Information and Communications Technology Synopsis Continuous research by the Audit Commission in the UK into public and private sector experience with information and communications technology (ICT) abuse, recognizes that

‘   new technology continues to present an ever-increasing range of risks for users’.

Attitudes to this vary among users. Internal auditing will have opportunities in the future

‘   to take the lead here, to influence and point people in the direction of [security]

improvement   ’. Internal auditing should be ‘   frightening people who have influence   ’

into taking appropriate action. Listed are questions that should ‘   raise the heckles of internal auditors, resulting in cutting edge resources and practices for the audit of IT security’.

Contributed by Iain R. Brown, Technical Manager, Audit Commission, Visiting Senior Lecturer at the Birmingham City University and author of As IT Is: A Taste of IT Security and Computer Audit. This case study is based on a viewpoint article written by him and published in Internal Auditing & Business Risk, February 2005.

After Reading the Case Study Consider:

1. Is internal auditing in your organization taking a lead in facilitating and measuring the risks from future information and communications technology?

2. What recommendations can you take from this case study to create cutting edge internal auditing resources and practices in your organization’s identification, measurement and monitoring of these risks?

3. Is your organization’s control over information and communications technology best practice now and will it be in the future?