Expansion of IT Security Audit Scope
On December 30, Deloitte Korea Group announced that it is advancing its IT internal audit services, focusing on the prevention of IT security incidents and the verification of control effectiveness for financial institutions, public organizations, and large enterprises.
IT internal audit is an audit activity that inspects and verifies whether a company's core IT control systems-such as IT governance, information security, system operations, access control, and outsourced or cloud environments-are functioning effectively in actual operations. Despite many companies having established IT control standards, they face challenges due to a lack of dedicated IT audit personnel, limited technical understanding, and insufficient experience in controlling outsourced and cloud environments. As a result, there are concerns that internal audits often fail to fully reflect the rapidly changing IT environment, with controls sometimes operating only formally or being applied to limited systems in practice.
In response, Deloitte stated that it has strengthened its IT internal audit services to reflect changes in the regulatory environment and the trend of digital transformation. Deloitte’s advanced IT internal audit service comprehensively covers: ▲ diagnosis of IT governance and internal control systems ▲ inspection of information security and personal data protection ▲ audit of system operations and access controls ▲ verification of controls over outsourced and cloud environments ▲ and checks for compliance with relevant regulations. Notably, the audit scope is designed to reflect actual incident cases, such as frequent account management failures, insufficient control over outsourced personnel, and server security configuration errors.
With the acceleration of digital transformation among companies, the audit scope has been expanded beyond traditional IT and information security areas to include emerging technologies such as AI, cloud, and blockchain. Through this, companies can prevent IT failures and security incidents and respond more systematically to the evolving IT environment.
Lee Seunghee, Managing Director of IT Internal Audit Services in the Audit Division at Deloitte Korea Group, stated, "Through effectiveness-focused IT internal audits, Deloitte helps companies clearly identify key IT risks, set priorities, and establish stable control systems even amid a rapidly changing IT environment."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
