INTOSAI WGITA Virtual Seminar on “IT Audit in the Era of Industry 4.0: Opportunities and Challenges”
September 2, 2021 was held еру Webinar of the INTOSAI Information Technology Audit Working Group (WGITA): IT Audit in the Era of Industry 4.0: Opportunities and Challenges". The event, was attended by 380 people and organized by the SAI Indonesia.
The format of the meeting was a panel session under the moderation of SAI Indonesia.
The first speaker from SAI Indonesia Mr. Pelenkahu presented information on SAI’s Initiative in Auditing the National Cybersecurity Resilience. He said that the Law on Cybersecurity and Sustainability has been in force in Indonesia since 2019. Statistics of cyberattack attempts and information and leaks with personal data were also presented. The speaker touched upon the issue of imperfect legal regulation in the field of cybersecurity, as well as duplication of functions among ministries and departments. The issue of the lack of effective interagency communication systems is also considered. In addition, Mr. Pelenkahu shared the methodology and results on Auditing the Cyber Security and Resilience to Support National Security Stability.
Senior Member of Information Systems Audit and Control Association (ISACA) Indonesia Chapter (also Senior Partner, Ernst & Young Indonesia) Mr. Achdiat reported on number of problems in the activities of IT auditors. As key current cybersecurity challenges, he highlighted three aspects in managing cybersecurity systems:
- cybersecurity organization is severely underfunded
- Regulatory fragmentation
- Cybersecurity’s relationships are deteriorating at the national and supranational levels.
To improve the situation the speaker proposed some action to be taken:
- Strengthen engagement with stakeholders
- Involve versatile, multi-skilled professionals (e.g. Tech advocate, Security expert, Risk and regulatory pros, etc)
The Speaker from SAI Australia Mr. Apoderado continued the topic of auditing cyber resilience. He spoke about the risk-based approach to the verification of cybersecurity systems and the experience of conducting audits in this area. The audit of SAI Australia was conducted as part of an assessment within Government's performance on the effectiveness of implementing strategies to reduce cybersecurity risks. Based on the audit, the SAI made the following recommendations:
- Timely reporting to the public on the implementation of cyberpolicies is essential.
- Organizations and agencies should prioritize the implementation of a strategy to strengthen cybersecurity and respond quickly to new emerging threats.
- It is necessary to conduct timelyу risk assessments to determine the level of protection required against cyberthreats.
- Organizations should support the implementation of planned and reporting oversight mechanisms.
Representative of the Norwegian SAI Mr. Beckstrom spoke about Auditing Machine Learning Algorithms. He shared successful practices of using AI algorithms for data analytics in the audit process. Also during the webinar was presented White Paper for auditors "Auditing machine Learning algorithms", developed by auditors of SAIS in the UK, France, and Germany, The Netherlands and Norway. This project is implemented in Excel format and includes a checklist of aspects that can be used for machine verification. Nevertheless, the speaker emphasized that when using machine algorithms, serious risks arise, due to the fact that the mechanism for making a "machine decision" is not always transparent (it is unclear how the machines got a certain decision). That is why auditors should be above AI machines and systems, keeping up with the times, the auditor should make the decision himself.
During the Q & A session, issues related to the regulatory regulation of the audit process using new technologies, the formation of the competence of an IT auditor, the involvement of external experts and additional funding were discussed.