Johannesburg, 02 Feb 2023
The world is never constant; in every season there is an improvement. The improvements are there to phase out the once acceptable ways of doing things to better ways. Have you ever noticed that the masterminds behind cyber attacks move with the trending technology? Sadly, they understand that there are many professionals in the industry of securing information assets who do not have sufficient knowledge in the trending technology and actively exploit the global cyber skills shortage.
In every war, both parties should have knowledge of their opponents’ tactics, strategies and warfare. Such skill helps you prepare and equip yourself with sufficient knowledge to avoid surprises and panic. As information system audit professionals, we should understand technology from both angles, understanding both the enemy and the solution.
There is much activity in the dark web where algorithms are tampered with to grant access to unauthorised individuals. This technology has become widely used by most hackers. Research from 2021 suggests that approximately 53% of hackers used the dark web to gain access illegally where their identity can remain anonymous. Such grounds must be the starting point for every information system audit professional; and as information system audit professionals, we should have strong knowledge on how these systems work and in what ways are they being used. However, the majority of IT security professionals are not well versed with this technology; rather, we still use old methods of thinking and outdated working papers with a basic level of testing to provide assurance that systems are safe and secure. We are still too concerned about passwords and basic controls that are much of an internal threat rather than gearing ourselves and our organisations towards safeguards that protect organisations from the major threats from the outside world.
As IS audit professionals, we must understand that our digital context revolves around data, which is one of the most valuable assets within an organisation. As IS audit professionals, we should be able to visualise stories from data independently. As IS audit professionals, we should understand the necessity of investing in tools and equipment in order to produce quality work. There are tools that have been created to enhance the way we work, such as Tableau and Microsoft’s Power BI for Data Analytics. Emerging software is proving to be more powerful and more useful. An audit can no longer be conducted on a sample, but rather needs to be focused on the full data set. With the software available today, an audit can be carried out continuously and in real-time. With machine learning, it has opened possibilities to audit every transaction to identify control defects and potential fraud. Everything has a story to tell and it is always wiser to listen to everything.
Many audit professionals rely on interviewing as an audit technique. Generally, trying to extract information from people is difficult and, by its nature, information sourced through interviews has the possibility of bias. However, with artificial intelligence, particularly key influencers offered by Power BI and combining it with Python specifically for machine learning offered by Google’s Tensor Flow, one could easily derive independent information to describe and explain events in an objective manner. While this may not be a full substitute of the need to interview auditees, it may contribute to easier sourcing of objective and unbiased information.
Many organisations tend to favour experienced and older candidates for information systems audit roles. The age of the average cyber criminal is declining; there might be a case of change for organisations to consider partnering younger professionals with more experienced professionals. This would promote diversity of mindset, skills, knowledge and experience and contribute to more effective audit and governance teams.
It is very good to understand the business; however, it is also very good to understand market segmentation. Audit approaches and working papers should stand flexible in all circumstances. When deciding on an audit approach, there is no one size fits all whenever; it is wiser to understand the business and the market in which it operates.
Information system audit professionals have an important role to play in creating digital trust in the ever-evolving field of IT. Flexibility, adapting and embracing change is key for information system audit professionals to remain relevant, competitive and provide the necessary assurance in an ever-changing digital world.
Share
The ISACA South Africa Chapter
The ISACA South Africa Chapter is formally recognised as a Professional Body with Professional Designations by the South African Qualifications Authority (SAQA) in terms of the NQF Act, Act 67 of 2008.
The ISAP (SA) and ISMP (SA) Professional Designations that are administered and maintained by the ISACA South Africa Chapter. ISACA members in good standing who have signed the Code of Ethics and meet the minimum underlying qualifications, certification and experience may apply for designations. The completed application form: https://tinyurl.com/25z2kjaj can be sent to info@isaca.org.za.
Contact Us:
E-mail: info@isaca.org.za
Web site: https://engage.isaca.org/southafricachapter/
Phone: (+27) 87 550 9289
Follow ISACA South Africa on Twitter: https://twitter.com/ISACAZA
Join ISACA South Africa on LinkedIn: www.linkedin.com/company/isaca-south-africa
Like ISACA South Africa on Facebook: www.facebook.com/ISACAZA
Follow ISACA South Africa on Instagram: ISACA SA Chapter
Subscribe to the ISACA South Africa YouTube Channel: https://www.youtube.com/channel/UChmcznsOR-YecfPrPXZ5csQ
Come visit us at our office: Unit 1 Bellfour Office Park C/o Edmar & Rogers Streets, Bellville, Cape Town 7600 South Africa.
Editorial contacts:
Arlene-Lynn Volmink, Immediate past president
Robin Williams, Programme Director