 "Preventing IT Audit Failures")
The Satyam saga was an eye opener to what an audit failure can do to the company. Although the audit process was not the sole culprit, the role of the auditors was crucial. In the aftermath, the enterprise community has started rethinking on how to conduct audits and prevent failures.
The skillsets of auditors have to be upgraded and they need to be better trained. There is one more element that is missing in audits- continuous monitoring. “The systems, process, people and numbers that flow into the balance sheet should be monitored continuously,” said Sunder Krishnan, Chief Risk Officer, Reliance Life Insurance.
This calls for risk assessment on-site and offsite depending on the size and importance of the transactions. Traditional chartered accountants need to adapt to the changes.
Vishnu Kanhere, Senior CA and Fraud Examiner ACFE USA, suggests forming a team of forensic auditors who would report to appropriate heads within the company or the shareholders. These heads would safeguard the interests of the various stakeholders and the company at large.
Automation of the IT Audit Process
Automating the IT audit process would facilitate the above measures as it would limit the intervention of the human element, and still keep human judgment alive by appropriate access controls, which can go a long way in reducing audit failures.
The automation of the audit process has two phases- automation of work papers by the auditors and using automated tools. Both are different and are often considered synonymous.
“When you look at the automation of the audit process, it translates into looking for a workflow kind of a solution wherein the enterprise is able to use the knowledge of an expert auditor who operates in a different country and the auditor at the other end can leverage his knowledge, the review process and the like,” said Krishnan. This is the first part.
The second part is using tools and techniques that are automated. This enables better risk assessment. One important technique that has evolved in the last decade is quantitative risk assessment as against qualitative risk assessment. Both are extremely important. Only quantitative risk assessment doesn’t help. It is an outcome of using modern technologies and predictive behavioural patterns. Qualitative risk management is the use of judgment, experience, and intuition to read that and use it to arrive at outcomes.
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
