The role of the internal auditor continues to evolve in the face of dynamic changes to Qatar’s technological landscape. All business functions are becoming increasingly dependent on IT systems and infrastructure. The increasing pressure on critical infrastructure has presented internal auditors with new and complex operational and risk management challenges that has disrupted the status quo.
Specifically, internal auditors must consider the following to remain relevant during these times:
Keep up with the transformation activities in the country and organization –Internal auditors must stay aware of and align themselves to the transformation needs across Qatar and the organization. This can be challenging, as it requires the ability to scale up and add relevant and specific technology skills at short notice.
Cultivate skills into audit teams that can address new technology and emerging risks –Internal auditors must keep pace with emerging technology, which can be extremely challenging given the pace of IT change. Being able to call on specific technology subject matter professionals when needed is critical to being effective across the organization.
Transform how to work –Internal auditors must continue to keep pace with ever changing business needs. This may include expanded use of data analytics in audit activity, refining remote working techniques, or adopting more agile approaches to audit execution.
Revisit your recruitment plans and sourcing strategies: The conventional idea of engaging or hiring separate “business auditors” and “IT auditors” has been challenged by the changing business needs. Emerging technology risks have found their way into the conventional audit programs, effectively blurring the lines between IT and non-IT auditors.
Rethink how to report findings and make recommendations –Risk functions are moving toward a quantifiable view of risk to guide the organization’s risk and control investments in areas of highest return as well as reducing exposure. Internal audit should follow suit to make their recommendations more impactful to the risk appetite and regulatory / industry requirements.
A challenge Internal Audit functions have always had, and even more so going forward, with a limited budget and resources, is how to best prioritize where your auditors spend their time. Through this report, we have identified key areas where Internal Auditors need to focus to ensure an organization’s technology and business interests are protected.