IT Risk Assessment in Internal Audit as a Part of Business Analysis in Organizations

Abstract:

The article examines the methodological aspects of risk assessment in the area of information technology application (IT risk), performed for internal audit purposes. In this research, internal audit is treated as a part of the broader business analysis process in the company, which is directed at improving the effectiveness of business activities and the decision-making process. The author analyses the current state of methods for assessing risk and its components, and of the systematisation of the basic factors affecting risk assessment. Particular attention is devoted to the analysis of normative and methodological documents dealing with risk identification in the areas of application and use of information technologies in organisations. Models for the practical assessment of IT risk, within a more broadly viewed concept of risk assessment for the needs of internal audit and economic analysis, were elaborated using the example of control self-assessment, whose theoretical foundations are still at an initial stage of formation; this contributes to the relevance of the topic and provides a basis for further research into the observed problem. The essential conclusions of this paper confirm the advantages of, and point to the necessity of, integrating competencies in the area of information systems application into internal audit and business analysis. Comprehending the influence of information technologies on the audit and business analysis process is established as one of the key competencies, one that is not only desirable but also indispensable for all internal auditors and business analysts involved in the problems of organisational risk assessment and management.