Page 230 - CA Final Audit Titanium Full Book. (With Cover Pages)

CA Ravi Taori

         (CNO DAA.100) Identifying the Risks Arising from Usage Of IT
         How to identify the IT Risks?
         (Shortcut: NCA)
         IT Application Nature: The auditor should consider the nature of the identified IT application when identifying
         risks arising from IT use.
         Cybersecurity Risks: Risks related to cybersecurity are a significant concern in the use of IT.
         Automated Application Controls: The volume or complexity of automated application controls can increase
         IT risks.
         Greater reliance by management on automated controls for transaction processing or maintaining information
         integrity can lead to more IT risks.
         Risks arising from use of IT
         Law Related
         Regulatory Compliance & Performance: The increasing use of IT in businesses elevates regulatory compliance
         risk, as changes in laws or guidelines can impact costs and investments. Different sectors have unique
         regulatory requirements, but all must manage compliance risks. IT system performance can be affected by heavy
         data load and network usage.

         System Related
         1A. Integration and Compatibility Risks: Risks arising from system integration and compatibility, including
         potential widespread failure due to a single system's malfunction, incorrect results from improper integration,
         and compatibility issues due to different software versions or un-upgraded patches.
         1B. Performance and Scaling Issues: Scaling, or adding resources to existing nodes, can address these issues but
         may be costly, necessitating informed decision-making.
         2A. Unauthorized Changes to Master File: Unauthorized changes to data in master files.
         2B. Unauthorized Changes to IT applications: Unauthorized changes to IT applications or other aspects of the
         IT environment.
         3. Failure to Update: Failure to make necessary updates to IT applications or other aspects of the IT environment.

         IT Personnel Related
         IT Personnel Access Privileges: IT personnel gaining access privileges beyond those necessary for their
         duties, breaking down the segregation of duties.

         Data Related
         Data Loss: Risks arising from data loss or corruption due to inadequate cybersecurity controls and protocols.
         This includes potential system encryption by hackers, unauthorized system access, alteration of information,
         physical security breaches, and theft of sensitive information.
         Unauthorized Data Access: Unauthorized access to data leading to potential destruction or improper
         alterations. This includes recording of unauthorized or non-existent transactions, or inaccurate recording of
         transactions. Risks are heightened when multiple users access a common database.

         Processing Related
         Inappropriate Manual Intervention: Inappropriate manual intervention in IT processes.
         System Downtime: Risks associated with IT system unavailability due to hardware failures, faulty
         configurations, cyberattacks, or power outages, potentially disrupting business operations.





         www.auditguru.in                                                                                  12.5