With several emerging technologies on the horizon, IT functions within companies face on-going requirements to maintain, upgrade or decommission systems. These activities require appropriate checks to ensure they are conducted in line with best practice.

Technology risk auditors apply internal audit principles but additionally have more detailed technology knowledge (e.g. in areas like cybersecurity), so they can interrogate existing systems and follow up where breaches have occurred (or could occur).

This role requires an awareness of key issues, latest developments, and industry best practice, in particular where intellectual property (IP) and organisational data could be compromised and what safeguards are in place to protect these. They will also be responsible for putting processes in place for periodic checks and suggesting changes to organisational processes where needed.

They will also need to support new implementations to ensure risks are accounted for and mitigated, and that no new threats are introduced into the organisation as an unintended consequence. Related to this, they will be responsible for maintaining the organisational technology risk register, and for updating this in a timely manner.


High level competencies required by a technology risk auditor include:  

  • Audit, assurance and advisory

    A. Advises on and communicates effectively the role and scope of audit, assurance and advisory engagements to relevant stakeholders.

    B. Applies regulatory, legal, professional and ethical standards relating to advisory, audit and assurance engagements.

    C. Plans and prepares for audit, assurance and advisory engagements.

    D. Performs effective audit and assurance engagements.

    E. Reviews and reports on the findings of audit and assurance engagements.

    F. Guides efficient and effective operations.

  • Governance, Risk and Control

    A. Evaluates organisational structures and governance to protect the long-term interests of stakeholders.

    B. Recommends appropriate strategies to ensure adherence to governance structures and application of best practice internal controls.

    C. Identifies and manages risk appropriately.

    D. Uses risk management for the best interests of an organisation and its stakeholders.

    E. Monitors and applies relevant legislation, policies and procedures.

  • Stakeholder Relationship Management

    A. Positively develops relationships with internal and external stakeholders.

    B. Communicates and gains commitment from internal and external stakeholders.

    C. Uses emerging technologies to collaborate and communicate effectively with stakeholders.

    D. Applies professional and ethical judgement when engaging with stakeholders.

    E. Aligns organisational strategic objectives with stakeholder needs and manages expectations.

  • Ethics and Professionalism

    A. Develops advanced ethical values and professional skills in the promotion of public interest and the profession.

    B. Demonstrates personal effectiveness in fast changing environments.

    C. Encourages innovative thinking within the context of professional scepticism.

    D. Thinks proactively about the future, applying professional judgement and commercial intelligence and seeks specialist input when needed.

    E. Communicates effectively and influences others.