Technical audit

Last updated October 22, 2023

Technical audit (TA) is an audit performed by an auditor, engineer or subject-matter expert evaluates deficiencies or areas of improvement in a process, system or proposal. Technical audit covers the technical aspects of the project implemented in the organization. For this, an auditor should have a deep knowledge of development, design and security standards, user needs and ethical considerations, with latest algorithms updates.

Objectives of technical auditing

The technical operations are being performed as per requirement.
Sound framework of control is in place to sufficiently mitigate the potential risk, with potential ethics and harm reduction as factors.
The procured technical equipment is technically suitable for the purpose.
Authority and responsibility for operating activities are assigned properly.
Information system is adequate to provide assurance of operating activities being performed properly.
If applicable, the system is updated to incorporate user values (e.g., in the case of ethical artificial intelligence algorithm auditing).

Concentration of technical auditing

Planning and design
Procurement or purchase
Implementation
Impact of project

Areas to be covered by technical audit

Planning and design		Procurement/Purchase		Implementation		Impact of project
Need analysis & Demand analysis Technical Specification preparation and authorization Quality Assurance and Experience of Supplier required in the project If applicable, solicit feedback from or design with users	→	Compliance with Financial Manual Independent evaluation of received proposal.	→	Timely completion of project Provision of liquidity damage in case of delay in project completion. Acceptance Test Report	→	Reduction in operation cost or improvement in operation. Increase market share Improvement in Key Performance Indicator (KPI)s Increase customer loyalty or decrease customer churn Increase Revenue of the company Reduce risk to users

Benefits of technical auditing

Improvement in internal control systems to mitigate the potential risk.
Improvement in the quality of service.
Assurance of Revenue.
Transparent and cost effective procurement of goods and services.
Completion of project on time.
Reduction of project cost and annual operating cost.
Helps re-scheduling of project activities.
Performance improvement of a system.
Harm reduction and centering of system users' values.

Incorporation of users in technical auditing

While there are methods that developers and researchers can leverage to gain information for effectively auditing systems, such as the scraping approach (i.e., issuing repeated queries and observing system behavior) or code audits (i.e. using tests to understand what vulnerabilities may exist in the source code),^[1] it is sometimes the case that users' insight is critical to understand problems with a system (e.g., concerning the ethics of artificial intelligence). As such, there are methods of soliciting (nontechnical) user perceptions and feedback to support a technical algorithm audit. For example, in noninvasive user auditing, researchers and developers may survey users in conjunction with user activity (e.g., through activity logs) to understand interactions with the system and unmet needs that could benefit from auditing.^[1] Crowdsourced or collaborative auditing is another approach, in which users are considered as testers, sometimes specifically hired to do so, to provide feedback about system design and behavior.^[1] With a trend toward user-centered, ethical systems (e.g., to avoid issues in which harm or bias may go unchecked due to lack of expertise or knowledge that only a diverse range of users can surface), incorporation of users' feedback in the auditing process is becoming increasingly common.

Related Research Articles

Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

The ISO 9000 family is a set of five quality management systems (QMS) standards by the International Organization for Standardization (ISO) that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. ISO 9002 is a model for quality assurance in production and installation. ISO 9003 for quality assurance in final inspection and test. ISO 9004 gives guidance on achieving sustained organizational success.

Risk assessment determines possible mishaps, their likelihood and consequences, and the tolerances for such events. The results of this process may be expressed in a quantitative or qualitative fashion. Risk assessment is an inherent part of a broader risk management strategy to help reduce any potential risk-related consequences.

<span class="mw-page-title-main">Audit</span> Systematic and independent examination of books, accounts, documents and vouchers of an organization

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, and evaluate the propositions in their auditing report.

<span class="mw-page-title-main">Financial audit</span> Type of audit

A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

The ethics of technology is a sub-field of ethics addressing the ethical questions specific to the Technology Age, the transitional shift in society wherein personal computers and subsequent devices provide for the quick and easy transfer of information. Technology ethics is the application of ethical thinking to the growing concerns of technology as new technologies continue to rise in prominence.

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas.

In computer log management and intelligence, log analysis is an art and science seeking to make sense of computer-generated records. The process of creating such records is called data logging.

<span class="mw-page-title-main">Internal audit</span> Independent, objective assurance and consulting activity

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing might achieve this goal by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.

Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

ISO/IEC 27005 "Information technology — Security techniques — Information security risk management" is an international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) providing good practice guidance on managing risks to information. It is a core part of the ISO/IEC 27000-series of standards, commonly known as ISO27k.

<span class="mw-page-title-main">Continuous auditing</span>

Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyze patterns within the digits of key numeric fields, review trends, and test controls, among other activities.

IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.:

Machine ethics is a part of the ethics of artificial intelligence concerned with adding or ensuring moral behaviors of man-made machines that use artificial intelligence, otherwise known as artificial intelligent agents. Machine ethics differs from other ethical fields related to engineering and technology. Machine ethics should not be confused with computer ethics, which focuses on human use of computers. It should also be distinguished from the philosophy of technology, which concerns itself with the grander social effects of technology.

The Menlo Report is a report published by the U.S. Department of Homeland Security Science and Technology Directorate, Cyber Security Division that outlines an ethical framework for research involving Information and Communications Technologies (ICT).

<span class="mw-page-title-main">Algorithmic bias</span> Technological phenomenon with social implications

Algorithmic bias describes systematic and repeatable errors in a computer system that create "unfair" outcomes, such as "privileging" one category over another in ways different from the intended function of the algorithm.

Rumman Chowdhury is a Bangladeshi American data scientist, a business founder, and former Responsible Artificial Intelligence Lead at Accenture. She was born in Rockland County, New York.

Regulation of algorithms, or algorithmic regulation, is the creation of laws, rules and public sector policies for promotion and regulation of algorithms, particularly in artificial intelligence and machine learning. For the subset of AI algorithms, the term regulation of artificial intelligence is used. The regulatory and policy landscape for artificial intelligence (AI) is an emerging issue in jurisdictions globally, including in the European Union. Regulation of AI is considered necessary to both encourage AI and manage associated risks, but challenging. Another emerging topic is the regulation of blockchain algorithms and is mentioned along with regulation of AI algorithms. Many countries have enacted regulations of high frequency trades, which is shifting due to technological progress into the realm of AI algorithms.

Automated decision-making (ADM) involves the use of data, machines and algorithms to make decisions in a range of contexts, including public administration, business, health, education, law, employment, transport, media and entertainment, with varying degrees of human oversight or intervention. ADM involves large-scale data from a range of sources, such as databases, text, social media, sensors, images or speech, that is processed using various technologies including computer software, algorithms, machine learning, natural language processing, artificial intelligence, augmented intelligence and robotics. The increasing use of automated decision-making systems (ADMS) across a range of contexts presents many benefits and challenges to human society requiring consideration of the technical, legal, ethical, societal, educational, economic and health consequences.

References

1 2 3 Sandvig, Christian; et al. (May 22, 2014). Auditing Algorithms: Research Methods for Detecting Discrimination on Internet Platforms (PDF). Data and Discrimination: Converting Critical Concerns into Productive Inquiry – via University of Michigan.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[sandvig-1] 1 2 3 Sandvig, Christian; et al. (May 22, 2014). Auditing Algorithms: Research Methods for Detecting Discrimination on Internet Platforms (PDF). Data and Discrimination: Converting Critical Concerns into Productive Inquiry – via University of Michigan.

[1]