Business and technology strategy are rapidly converging.
Business and technology strategy are rapidly converging. In many instances, IT is no longer just an enabler of the business—it is the business. In a world where everything from automotive to banking relies upon technology, IT audit methodology needs to change. The future of IT audit should align itself with IT’s new strategic role and to act as an adviser, not solely an auditor.
Common questions related to information and technology are:
- Are we at risk? How risk mature are we?
- Are we compliant to laws and regulations? Are we prepared to comply with upcoming laws and regulations?
- What is our strategy moving forward? Is our IT strategy aligned to our business and IT risks?
The IT Audit practice has recognized capabilities and subject matter experience assisting clients in understanding areas of business and industry risk (governance, process, operations, and IT) that translates and aligns IT risk components to the business, with the ability to go beyond a company’s standard areas of IT controls and to ensure business-IT alignment. For these risk assessments we use our internal Deloitte Risk Methodology as well as frameworks like COBIT, ISO, and ITIL.
How can you make an impact?
Your responsibilities will include performing risk management assignments with a focus on IT Processes and systems. For example, you will test which IT risks affect impact financial reporting, you will bring possible outcomes, look at the current control measures and examine which risks have been realised and what their impact is.
With an IT audit you don't stop at a report on identified risks, but provide your client with good, solid advice that matches the risks, the organisation and the people. As an IT auditor, you focus on specific risks related to processes and technical configurations such as the authorisation model of the configuration of process controls.
Another task could be to designing, implementing and improving an authorisation model, a role model or a business control framework, or conducting a security review for vulnerabilities. All the tasks you perform have a strong IT purpose - as a risk management component within an IT landscape with an Assurance purpose.
By working with different customers in multidisciplinary teams, you will get an insider's view of a wide variety of organisations and specialisms. Your responsibilities will increase rapidly as there a steep learning curve.
How will you do it?
As an IT Auditor, your passion lies in improving IT-related business processes systems and managing changing IT Risks within organizations. Through analyses, controls, advice and audits, you will help the clients of Deloitte Audit & Assurance to achieve this. ERP systems form the core of the IT.
Environment that supports the operational and financial activities of most of our clients support. In your role, you will be the voice of the client. As an IT Auditor you will do the following:
- perform (IT) risk management related assignments at clients within different industries (see an overview of industries on our website);
- analyze (IT) risks in relation to business processes and supporting IT;
- analyzing current (IT) control measures and/or identifying opportunities and consequences.
testing whether control measures have worked sufficiently (and thus not too much) to manage (IT) risks.
- drafting and proposing concrete improvements to our customers; working together with our client to realize improvements in practice.
How will you grow?
- While becoming an expert in our methodologies and technologies, you’ll be responsible for the quality of end-deliverables.
- Gradually, you’ll take on more responsibility as you guide consultants and become a trusted point of contact for our clients.
- You’ll continuously hone your soft skills such as project management, coaching, report writing, communication, and presentation skills.