Technology Internal Audit

2022 and beyond

Richard Knight

Richard Knight

Principal, Advisory, and U.S. IT-Internal Audit Solutions Leader, Technology Risk Management, KPMG US

+1 703-286-8393

Matt Tobey

Matt Tobey

Advisory Managing Director, KPMG US

+1 480-459-3601

With technology becoming more prevalent and more strategic than ever before, boards, audit committees, and senior management are relying on technology internal audit as their primary mechanism to assess its strategic risks.

Whether it’s increased use of robotic process automation or artificial intelligence to support business-process optimization, further use of evolving cloud technologies, or the evolution of cyber strategy to combat emerging threats, business leaders who are responsible for governance need technology internal auditors to partner with management to ensure risks are appropriately managed.

However, to be effective, technology internal auditors must establish credibility with business leaders by being able to demonstrate their skills, knowledge, and ability meet these heightened expectations. Without that credibility and stakeholder trust, it will be difficult—if not impossible—for the technology internal audit function to rise to these new challenges required by the business.

In our new thought leadership piece, Technology Internal Audit: 2022 and Beyond, we address how technology internal auditors can overcome some of the barriers they can face in establishing credibility and trust so they can become true strategic advisors to the organization around managing technology and risk.

Click here to read the article.


The three pillars of credibility and trust

Technology internal audit teams must build a foundation of credibility and stakeholder trust to meet the heightened expectations from business leaders. That starts by addressing these three pillars:


Businesses are investing in emerging technologies that keep evolving at an ever-increasing rate. Technology internal audit teams must be highly technically skilled and knowledgeable in the full suite of technologies deployed by the business. They must also be able to translate emerging technology risk into business risk in order to hold meaningful conversations with executives and board members.


As organizations and industries are rapidly changing and increasing their use of agile processes, such as continuous integration/continuous delivery (CI/CD), mobile technologies, and remote workforces, technology internal audit teams need to think differently about how they deliver their services. That means adopting new methods, including rapid assessments, quick audit memos, and aligning to how the business works.


Businesses are rapidly increasing the digitization of their operation. As the changes move more quickly, assurance needs to adapt and be able to operate in real time. Leadership needs the technology internal audits’ independent perspective on these large, strategic initiatives before it invests significant capital on ineffective programs and potentially introduce new risks. Technology internal audit teams must provide insights above and beyond control issues and use data to address real-time issues.