Digital auditing of emerging tech – an ongoing journey

Providing assurance for highly complex digital solutions challenges both management and auditors. But it’s an important way to establish trust. As society and organizations become more dependent on the reliability and security of these solutions, independent assurance becomes more relevant. 

How do we know whether digital applications and solutions are sufficiently secure? Are the answers generated by algorithms honest and fair? Are we sufficiently resilient to cyberattacks and are we spending our money on the right digital solutions? These questions are extremely relevant for managers and supervisors of organizations as they must be able to account for their choices. 

In a world where developments move at lightning speed and everyone is linked to everyone, accountability for the quality of digital applications is taking on new dimensions. 

Traditionally, the management report is a form of accountability for policy, which is static in nature and part of the annual cycle. The board report could discuss the digital agenda, and it has recently been explored in certain countries whether an (external) IT audit “statement” can also be added. To date, only a few countries have regulations around the monitoring of technology and corresponding reporting. With the King reports on corporate governance, South Africa, for example, has the longest and most specific references to technology governance. Given the relevance and impact of digital solutions it seems logical also to report on the quality of technology governance in a dynamic and if possible, more “real time” way.

The complexity of information systems caused the emergence of the IT audit discipline in the late ‘80s. IT auditors initially focused on the quality of financial reporting systems; however, they also quickly deployed their knowledge in many other business domains. Independent technology assurance has developed hugely since then and become a relevant discipline in the control and compliance space. Bringing into play concepts of continuous monitoring and auditing makes it much more dynamic and relevant. Providing feedback to stakeholders based on actual real-time data improves the impact of the audit. Furthermore, technology helps the audit discipline to become more efficient and effective. 

Given the complexity of digital solutions, different experts often work together to resolve issues. This also applies to the control and assurance efforts. A common body of knowledge across the different areas of expertise helps in shaping a common language to work together effectively. Not only IT auditors should understand these basics: business and technology management and risk management also play a vital role in shaping secure and reliable information systems.

As complexity increases, the audit of blockchain, algorithms, artificial intelligence, machine learning and cloud solutions needs to be addressed. Process mining as a tool to get insights and understand complex processes is also highly relevant for the IT audit discipline. Against this background, it’s not just the audit of technology that’s important; the audit itself evolves with the help of technology. Innovation in the audit profession is ongoing based on well-developed knowledge and several disciplines working together. 

Bridging the business world and research agenda of academia can help progress happen, as we see with the IT governance research agenda of the Antwerp Management School. Using case studies and experiments, the technology governance and impact on board behaviors have been improved and turned into methodologies for management and auditors. As a seasoned IT audit professional and one of the editors of Advanced Digital Auditing (Springer 2023), I also contribute to the knowledge base required to provide assurance to different stakeholders.

Do you want to learn more about the knowledge and insights required to control and monitor digital developments? Reach out to us – we’ll be happy to support you on your digital journey.