TFL Vsebine / Revija SIR*IUS

Auditor's role in management of strategic risks, related to information technology

Razvoj informacijskih tehnologij (IT) in njihovo prodiranje v vse pore našega življenja ne pojenja. Podatke in informacije, hkrati pa tudi velik del poslovnih procesov smo zaradi povečevanja učinkovitosti in uspešnosti njihovega obvladovanja skoraj v celoti digitalizirali. Dejstvo je, da so zanesljivost finančnega poročanja, učinkovitost in uspešnost delovanja procesov organizacije, skladnost z regulativnimi zahtevami v veliki meri odvisni od delovanja informacijskih tehnologij in tveganj, ki so jim le-te izpostavljene. V članku obravnavam ključna IT-tveganja, posledice uresničenih tveganj, ključne ukrepe za njihovo ustrezno obvladovanje ter dodano vrednost, ki jo organizacijam lahko nudi revizor.

The development of information technologies (IT) and their advancement in all aspects of our lives isn’t slowing down. Data and information, together with most business processes, have been mostly digitalized in order to increase their efficiency and effectiveness. The fact is that reliability of financial reporting, efficiency and effectiveness of organizations’ processes as well as compliance with regulatory requirements largely depend on the proper functioning of information technologies and the risks, related to them. This article outlines some key IT risks, impact of risks occurrence, mechanisms available to mitigate those risks and the added value an auditor can bring to organizations.