In this article, Cees-Jan and Fabienne, two employees of WVDB, will discuss how new technological developments are leading the field of IT-auditing to be a rapidly changing environment. How do (IT-) auditing, analytics, robotization, privacy and DevOps come together and what are the trends for 2020?
IT-Audit trends of 2020: a WVDB analysis
Cees-Jan graduated at WVDB from September 2018 until January 2019. After a few months off, he started as a junior IT-auditor in April. As an IT-auditor, he visits companies to get insight into their IT environment and to form an opinion about the IT related risks and control measures that they have in place. Thanks to his reports, financial accountants know which IT-related risks should be included in their work and the client knows what systems, processes and procedures to improve on to reach an acceptable level of risk. Besides his work, Cees-Jan has just started a 2,5 year lasting study at TIAS in Tilburg to become a registered EDP(/IT)-auditor, as is of course facilitated and encouraged by WVDB.
Fabiënne started in September 2019 as our newest IT Audit & Advisory graduate intern in Waalre to complete her master Information Management. Her thesis focuses on project management methods in Small and Medium-sized Enterprises. Even though a thesis period is often viewed as a long and tedious process, WVDB facilitated a smooth and flexible thesis period for her. WVDB ensures close collaboration with its employees and clients for the data gathering element of the thesis. Alongside writing her thesis, Fabiënne works, volunteers, and is active in a study association committee.
WVDB and its clients
WVDB is an advisory and audit firm of approximately 350 employees, which is located in Waalre (near Eindhoven) and Rosmalen (near Den Bosch). It is a unique organization, as it does not only employ accountants and advisors but also has a tax and corporate finance department, as well as a strong alliance with VDB, which offers legal and notary services. This means many clients see us as an adviser, rather than just an accountant or a lawyer. Because of this multi-disciplinary approach, there is always a colleague within reach that has the answer to whatever problems a client might have. WVDB’s clients are mostly Small and Medium Enterprises located in Brabant, often family owned. This, however, does not at all mean that they are old-fashioned, or unprofessional. As the Eindhoven Brainport area grows further and further, so do many of our clients. Most of them have grown to a turnover of many millions and are selling their products worldwide, while their roots (and headquarters) remain here.
Trends in the field of (IT-)auditing
Like its clients, WVDB needs to keep up with the latest trends and technologies. While you might think of accounting firms as being rather conservative, the professional association of accountants (NBA) describes the current Dutch accountancy industry as being a rapidly changing environment, due to the major impact of technology (van Almelo, Breij, Vlaming, & Wielaard, 2019). A clear shift from traditional methods to a more proactive, value-creating approach to IT audit is apparent. Let’s look at some of these developments, including the way WVDB is helping its clients by using them in practice.
Analytics and robotization
An ISACA (2019) report on the future of IT-auditing speculates that robots might monitor and even audit complex technology systems in the foreseeable future. The results from a large-scale survey in the report are inconclusive, but the increased reliance on (AI-assisted) monitoring and analytics is more than clear. In the daily practice of WVDB, we also see the growing demand for (direct) insight into the performance of organizations through the use of various analytics tools. While robotization might be one bridge too far at this point, our team of data-analysts is spending a considerable amount of its time on the development of new ways to create insight for colleagues and clients. In the last years, we have also seen that other disciplines of WVDB, such as tax advisers, are interested in adding analytics to their services. We expect that the IT maturity of many of our clients will grow exponentially in the near future, which will create the possibility for us to increase the amount of automation in our approach as well.
Privacy and the GDPR
While new technologies seem to have endless possibilities, there is also a growing group of people that see the dark side of technologic development. How much do the NSA, Google, Huawei, and Facebook actually know about you? New technology also calls for new kinds of legislation and control measures. Ever since the GDPR was first announced, privacy has been a hot topic in the Netherlands. To comply with the law, new documents have to be created, procedures have to be altered and employees have to be trained in treating personal information more carefully. A mixed team of IT and legal advisers from WVDB has helped clients in doing so by reviewing specific documents and performing GDPR maturity measurements. For instance, we helped a company that provides health and safety services (arbodienst) for over 1.5 million employees in the Netherlands and another company that develops and sells consumer electronics such as “smart speakers” all over the world. For these companies, processing personal information is part of their core business. We believe that in the future, the importance of data, data analytics and therefore data protection will only grow further.
DevOps in IT audit
Over the years, DevOps has evolved from a niche software development practice into a widely used approach. DevOps ensures improved automation of testing to keep up with the increased demand for flexible software development (Lwakatare, Kuvaja & Oivo, 2016). The sudden excessive popularity of the method together with the current deficiency of academic research on DevOps in combination with IT audit processes has left the IT audit practice unprepared. The usage of DevOps goes against conventional IT assurance controls and demonstrates that the traditional approaches are not effective. To guide IT auditors in IT assurance projects where DevOps is used, new guidelines and controls are necessary. By stimulating and incentivizing employees to develop themselves further through RA and RE studies, various courses and other educational methods, WVDB aims to stay on top of new developments in the (IT-)audit field. This way, it can help their clients by pointing out possibilities and offering specific knowledge that most companies do not have the resources to research themselves.
What about you?
How do you feel about the above-mentioned subjects? Let us know in the comments or reach out to us by sending an e-mail to firstname.lastname@example.org!
Almelo, van, L., Breij, E., Vlaming, H., & Wielaard, N. (2019). Trends in accountancy 2018-2019. Amsterdam: Koninklijke Nederlandse Beroepsorganisatie van Accountants (NBA).
ISACA (2019). The future of IT Audit: Research Brief (the “Work”). Retrieved from https://www.isaca.org/Knowledge-Center/Documents/Future-of-IT-Audit-Report_res_eng_0219.pdf
Lwakatare, L.C., Kuvaja, P., Ovivo, M. (2016). An Exploratory Study of DevOps: Extending the Dimensions of DevOps with Practices. Conference: The Eleventh International Conference on Software Engineering Advances (ICSEA). Rome, Italy.