Submitted by: Submitted by mar3623
Views: 131
Words: 1865
Pages: 8
Category: Business and Industry
Date Submitted: 05/27/2014 05:46 PM
Internal Auditing
September 25, 2013
One of the key interests for Internal Auditors today is IT Risk Management. It’s a field that will continue to grow throughout my entire career and a topic that greatly interests me aside from Forensic Accounting. There are countless areas where IT risk can be managed, but there are 10 key areas that are commonly overlooked. When I formally enter my career path as an Internal Auditor and/or Forensic Accountant, assisting management in managing IT Risk is a high possibility on an area I would like to focus on if possible. The 10 areas are key personnel losses, M&A fallout, poor communications, carelessness with vendors, board engagement in decision making, distributed servers in remote locations, expert knowledge hoarding, employee dating and spouses, lack of documentation, and having a DR plan implemented. Each of these commonly overlooked areas, when overlooked, can create substantial IT risks for an organization, ranging from data loss to a collapse of an organization.
When managing IT risks, putting focus on key end users can eliminate substantial risk. As stated in Tech Republic, “CIO’s tend to keep their eyes on key IT contributors who could leave for other positions, but they forget about the user champions” (Shacklett). Focusing on current key contributors to IT in managing risk is a natural concept for a company to grasp. They possess a deep understanding of the company and by leaving their current position for another, they still hold all of their knowledge from the previous job. This idea can clearly create huge IT risks. However, employers need to also focus on significant end users. Main end users might also possess knowledge of how the organization works, such as a company’s work flow process or how specifically the information they receive is generated. Making sure not only end users leave with as little current information as possible, but end users as well is prudent to any effective IT...