Copyright © 2014 Deloitte Development LLC. All rights reserved.

IT Internal AuditAuditing What Matters

Copyright © 2014 Deloitte Development LLC. All rights reserved.

IT Internal Audit Approach

Risk

Value

Level 1Core

Level 2Advanced

Level 3Emerging

A

BC

D

E

F

G

HIJ

K

L

M

N O

P

Q

2

Copyright © 2014 Deloitte Development LLC. All rights reserved.

• Repetitive services• Compliance focused• Comprises most of

current audit universes• Commoditized audits

IT Internal Audit Projects

Core

ITGCs

SOX Testing

DRP

Other Compliance

SoD

A

B

C

D

E

Level 13

Copyright © 2014 Deloitte Development LLC. All rights reserved.

• Repetitive services• Compliance focused• Comprises most of

current audit universes• Commoditized audits

IT Internal Audit Projects

Core

ITGCs

SOX Testing

DRP

Other Compliance

SoD

A

B

C

D

E

• Maturing technologies that haven’t been a focus

• Some compliance aspects

• Opportunities to add value

Advanced

IT Governance

Attack and Pen

IAM

End User Computing

Software Asset Mgmt

GRC

F

G

H

I

J

Level 1 Level 2

K

4

Copyright © 2014 Deloitte Development LLC. All rights reserved.

• Repetitive services• Compliance focused• Comprises most of

current audit universes• Commoditized audits

IT Internal Audit Projects

Core

ITGCs

SOX Testing

DRP

Other Compliance

SoD

A

B

C

D

E

• Maturing technologies that haven’t been a focus

• Some compliance aspects

• Opportunities to add value

Advanced

IT Governance

Attack and Pen

IAM

End User Computing

Software Asset Mgmt

GRC

F

G

H

I

J

• New technologies• High visibility/risk• Highly strategic• Significant opportunities

to provide additional value

Emerging

Mobile Endpoint

Cyber Terrorism

Privacy

IT Risk Mgmt

Enterprise Record Mgmt

Social Media

Cloud Computing

L

M

N

O

P

Level 1 Level 2 Level 3

KQ

5

R

Copyright © 2014 Deloitte Development LLC. All rights reserved.

Current State

Level 1Level 2Level 3

IT Internal Audit Universe Allocation

Future State

Level 1Level 2Level 3

6

Copyright © 2014 Deloitte Development LLC. All rights reserved.

Contacts

7

Michael JuergensManaging PrincipalInformation Technology Internal AuditDeloitte & Touche LLP+1 213 688 5338michaelj@deloitte.com

Twitter: @michaeljuergensLinkedIn: www.linkedin.com/pub/michael-juergens/2/221/988/

Tune in to this brief audio/visual presentation at:http://event.on24.com/clients/deloitte/portal/index.html?playlist=itia&event=700466

Copyright © 2014 Deloitte Development LLC. All rights reserved.

This publication contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this publication, rendering business, financial, investment, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication.

About DeloitteDeloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.