GTAG: Auditing Smart Devices

Smart devices, such as cell phones and tablets, offer truly mobile and convenient options for working remotely. Like any new or expanding technology, smart devices also introduce additional risks for organizations.
Internal auditing’s approach to assessing risks and controls related to smart devices is evolving as new technologies emerge and the variety of devices increases. To meet these challenges, internal auditors are tasked with:
- Understanding the organization’s smart device strategy.
- Evaluating the effect of smart device technology on the organization.
- Providing assurance over the smart device environment by:
- Identifying and assessing risks to the organization arising from the use of such devices.
- Determining the adequacy of applicable governance, risk management, and controls related to such devices.
- Reviewing the design and effectiveness of related controls.
Chief audit executives (CAEs) should have a thorough understanding of the opportunities and threats that smart devices present to the organization and the internal audit activity. The internal audit activity can support management’s efforts to mitigate risks associated with the use of smart devices.
This guidance should help internal auditors better understand the technology, risks, and controls associated with smart devices. Appendix C provides an engagement work program, including a risk assessment, designed specifically to evaluate risk management and controls related to smart devices.