Anybody familiar with information technology knows it clearly that it changes at a very fast pace. So it is quite logical and imperative that IS auditors need to remain updated about all these continuously updating developments in technology. Otherwise, it will become very difficult to audit information systems for an IS auditor who does not know much about the latest information systems under review. This is where managing information systems audit resources is very important.
And it is also one of the mandatory requirements of IS auditing standards from ISACA that the IS auditor has to remain updated and maintaining satisfactory level of competence. This mean that it is auditor’s responsibility to keep his skillset about auditing and technology updated according to the requirements of his work assignments.
Continuing Professional Education
And ISACA also ensures this directly by requiring that all IS auditors that are CISA certified maintain a minimum level of continuous professional education every year. And it is important that the skill set and relevant knowledge about the systems to be audit are taken into account while assigning human resources for an audit assignment.
It is not essential that all auditors in a team should know everything about every aspect of the systems in audit review. But it is highly desirable that they should possess these skills as a team so that they can effectively audit the systems.
A good way to address this IS audit resource management is by having regular training in a planned way. Which means that the higher management, keeping in view the yearly plan of audit, also plans the training to update knowledge and skillset of the auditors.
These training requirement can be reviewed regularly using TNA (training need assessment) tools which will identify the technologies and related areas where training is required. One key aspect is to keep in focus the direction that the audit function is taking in the organization and that should be in sync with the technological direction that the organization is taking.
Necessary Tools and Resources
It is also considered a part of the IS audit resource management that the resources are fully equipped and whatever audit programs, tools and other guidelines they need for an effectively audit are provided.