In the United States in the early 2000s, several very public cases of financial fraud occurred within large organizations such as WorldCom, Adelphia Communications and Enron. The construction and facilities management corporation Carillion in the United Kingdom raised similar fraud concerns, as did audit allegations pertaining to the powerful South African family, Gupta.
These events exposed public auditors—and their achievement and maintenance of independence—to increased scrutiny under the public eye. The US Securities and Exchange Commission (SEC) eventually became involved and, although internal IT auditors are not subject to the rules of the SEC, independent guidance provided to public auditing firms became a resource for internal IT audit best practices.
These circumstances, combined with an ever-increasing rate of digital transformation, have put IT auditors at a crossroads. The role of the auditor within an enterprise is shifting as auditors are asked to utilize their expertise to serve as advisors or consultants. While these changing expectations keep IT auditors relevant, they also have the potential to raise concerns about independence and objectivity.
To offer additional guidance for IT auditors as they contemplate participation in advisory services, ISACA® has released the An ITAF™ Approach to IT Audit Advisory Services white paper. This white paper discusses the importance of consulting with stakeholders as to whether independence or objectivity has been impaired when making decisions related to participation in advisory engagements. This white paper is a companion piece to the newly updated ITAF: A Professional Practices Framework for IT Audit, 4th Edition.
Learn more about challenges to the principles of independence and objectivity, and how ITAF can resolve them, by reading An ITAF™ Approach to IT Audit Advisory Services, available on the ISACA website.