As the year winds down, many audit professionals are shifting their focus to 2022 priorities—including developing dynamic new strategies such as agile auditing, revisiting established technologies from a remote or hybrid working environment perspective, and closing any gaps between compliance expectations and current practices—and how they can enhance their skills to meet the needs of the evolving audit landscape.
To meet these needs, ISACA has released three new audit resources—its VPN Security Audit Program, Destination: Agile Auditing white paper, and a new edition of its IT Control Objectives for Sarbanes-Oxley publication.
During the pandemic, the reliance on virtual private networks (VPNs) was heightened as many shifted to working from home—as did the need to manage its risks and implement safeguards. ISACA’s VPN Security Audit Program provides a foundation for auditors to provide assurance around the effectiveness of implemented VPN controls, including pre-audit planning, governance and oversight, implementation and configuration, operations, and maintenance and monitoring, to avoid some of the following risks:
- The increase in number of end users combined with extended VPN use may put additional pressure on infrastructure and adversely affect performance.
- Failure to detect unauthorized VPN activity may cause denial of service due to excessive traffic or connection attempts.
- Lack of alignment of data classification requirements with VPN requirements and configuration may impair compliance initiatives that are reliant on data classification.
During the pandemic, organizations embraced methods to increase agility and efficiency, including by using Agile. Destination: Agile Auditing outlines how audit professionals can incorporate Agile principles into their audit methodologies. Auditors can learn the basics about Agile auditing, its benefits, how Agile complements established assurance standards, how developing competency in Agile can enhance the planning, fieldwork, and reporting phases of an audit.
The white paper also includes examples of elements from the Agile tool set, including an Agile road map and Agile audit engagement workflows and illuminates key components like sprints, audit backlog and daily standups.
Internal and external auditors, IT auditors and managers, and financial and operational managers can also ensure they are keeping up with the latest guidance in complying with the Sarbanes-Oxley Act in a new edition of ISACA’s IT Control Objectives for Sarbanes-Oxley publication.
This latest edition incorporates updated guidance and standards from the Public Company Accounting Oversight Board (PCAOB) and the American Institute of CPAs (AICPA) and its Auditing Standards Board, with updates including:
- Integrating guidance for implementing internal control over financial reporting (ICFR) using COBIT® 2019, for IT and financial management within enterprises and for their internal and external auditors and consultants
- Aligning with COBIT 2019 Focus Area: Information & Technology Risk
- Providing the mapping of the role of COSO Internal Control – Integrated Framework, 2013 to COBIT 2019
- Highlighting technological innovations and their impacts on auditing IT controls
“The audit landscape is constantly shifting as technologies and regulations evolve, making it essential that audit professionals prioritize continuous learning to ensure they are applying the most current and effective audit practices,” says Robin Lyons, IT Audit Professional Practices Lead. “ISACA is committed to equipping the global audit community with the tools they need to deliver the highest audit standards at their organizations.”