Abstract
Ramkumar's document presents a comprehensive framework, drawing on COBIT, NIST, FFIEC CAT, and the FFIEC IT Handbook, for establishing, implementing, and maturing a robust Technology Quality Assurance Review (QAR) program within internal audit, emphasizing its strategic imperative in today's complex digital landscape. Driven by escalating technology risks (cybersecurity, cloud, AI), evolving regulatory demands (FFIEC, COBIT, NIST CSF, GLBA, SOX, NYDFS, State Privacy Laws), and the need for reliable assurance, the framework details a systematic approach grounded in IIA Global Internal Audit Standards (specifically the QAIP) and integrated with key governance and control frameworks like COBIT and NIST CSF. It outlines core QAR principles, a phased implementation roadmap, a maturity model for assessing and advancing capabilities, and the critical role of leadership in driving quality. The core of the framework is a detailed QAR methodology, often executed via checklists, designed to rigorously evaluate the entire lifecycle of technology audits – from planning, risk assessment, and scoping through fieldwork execution, evidence gathering (sufficiency, reliability, relevance), findings development (including root cause analysis), and reporting quality. The framework stresses the need for QAR to assess audit coverage and technical rigor across crucial domains such as cybersecurity and resilience, IT General Controls (ITGCs), cloud computing assurance, data governance/analytics/AI, third-party risk management, and specific regulatory compliance. An example application is provided through a detailed QAR checklist tailored for IT audits of online banking services. Ultimately, this integrated approach aims to enhance technology audit quality and effectiveness, provide credible assurance to stakeholders, foster continuous improvement within the internal audit function, and demonstrate its value in governing technology risk.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Bharathan, Ramkumar, "Mastering Technology Audit Quality Assurance: A Framework for Auditors", Technical Disclosure Commons, (May 13, 2025)
https://www.tdcommons.org/dpubs_series/8120