LOTA – Leveraging on Technological Advancement
LOTA Scan
In response to this rapidly changing environment and technology development, IDI has developed a LOTA Scan Tool to help SAIs in making better use of technology in fulfilling their audit mandates, by planning technology-specific audits, developing technology skills and introducing new technologies into the SAI audit practice.
The LOTA Scan aims to provide SAIs with a tool to analyse their internal and external environment in the use technology in audits and use of technology by governments. The LOTA Scan part related to external environment assessment helps to identify areas where technology audits are required and outlining technology-related audit projects to be included in LOTA Strategy. At the same time, external environment assessment helps to identify the technological needs of SAI for using technology in audits. In turn, the internal environment assessment helps to assess the current state at the SAI and how well SAI responds to the technological needs arising from the external environment.
The LOTA Scan Tool consists of
- LOTA Scan Guide. The LOTA Scan Guide provides basic guidance on running the LOTA Scan project at a SAI. This includes guidance on prerequisites for conducting a LOTA Scan and the LOTA Scan workflow including key phases and analysis.
- LOTA Scan Canvas. The LOTA Scan Canvas provides a template for conducting and high-level reporting on the LOTA scan.
- LOTA Scan Question Bank. The LOTA Scan Question Bank lists detailed questions to be considered during the analysis.
For more information on these items along with download links may be found below.
Demystifying Technologies
Demystifying Technologies is a brochure that aims to provide a concise visual guide for SAI professionals on some technologies that are relevant for public auditors and might impact their work, while also establishing a common vocabulary.
It is primarily intended to provide a high-level overview of key technologies and concepts for non-technology professionals or non-technology Auditors.
Demystifying Technologies
Other Resources
Terms and DefinitionsEmpty heading
- ISACA Interactive Glossary & Term Translations, a concise compilation of key terms tailored to provide clear definitions and explanations
Auditors of the FutureEmpty heading
- INTOSAI-P 12: The Value and Benefits of Supreme Audit Institutions – making a difference to the lives of citizens
- The Capacity Building Committee (CBC) “The Future Relevant Value-Adding Auditor”
IDI PublicationsEmpty heading
- LOTA Scan, a tool for Supreme Audit Institutions to analyse their internal and external environment in the use of technology in audits and the use of technology by governments (2022)
- LOTA Strategy, a tool for Supreme Audit Institutions to develop a Strategic Audit Plan for use of technology in audits and audits of government’s technologies (2024)
Reports and StudiesEmpty heading
- WGISTA Environmental Scan: A report on SAI capabilities in emerging technologies and auditability in the public sector (2023)
- WGISTA Emerging Technologies: Applications in developing and maintaining expertise within SAIs in the use of science and technology in auditing (2023)
- EUROSAI Project Group “Auditing in the New Normal: Connecting Technology to Audit Processes” (2023)
- WGBD Research Paper on Innovative Audit Technology (2022)
- WGBD Development Overview of Big Data Audits Performed by SAIs from 2016 to 2021 (2022)
- AFROSAI-E Research Paper on Integrating Big Data in Public Sector Audit (2020)
GuidelinesEmpty heading
- WGITA Cybersecurity and Data Protection Guideline (2022)
- WGITA Data Analytics Guideline (2019)
- WGITA Guidance on Audit of IT Management Functions (2022)
- WGITA Auditing IT Service Management (2001)
- WGITA Auditing IT Service Management – Annex (2001)
- WGITA Guide on IT Governance (2016)
- WGITA Guide to Data Mining as a Tool in Fraud Investigation (2016)
- WGITA Cloud Computing Guide (2016)
- WGITA-IDI Handbook on Technology Audit for Supreme Audit Institutions (2022)
- WGBD Guidance on Conducting Audit Activities with Data Analytics (2022)
- WGITA General capacity building requirements for conducting Technology Audits in a SAI (2019)
- WGITA Green IT (2003)
SAI PublicationsEmpty heading
- CAG India: Compendium on Responsible Artificial Intelligence (2023)
- CAG India Guidance Note on Usage of Remote Sensing Data and Geographic Information System for effective audits (2020)
- US GAO Artificial Intelligence: An Accountability Framework for Federal Agencies and Other Entities (2021)
- US GAO Artificial Intelligence: Key Practices to Help Ensure Accountability in Federal Use (2023)
- US GAO Artificial Intelligence Use Cases (2024)
- NAO UK Good practice guide: Cyber and information security (2021)
- Audit Scotland Principles for a digital future: Lessons learned from public sector ICT projects (2017)
- SAIs of Finland, Germany, the Netherlands, Norway and the UK Auditing machine learning algorithms (2020)
- Netherlands Court of Audit Understanding algorithms (2021)
Other PublicationsEmpty heading
- The CSA Cloud Controls Matrix (CCM), a cybersecurity control framework for cloud computing
- IIA Remote Auditing: Challenges, Risks, Fraud, Technology, and Staff Morale (2021)
- ISACA Auditing Artificial Intelligence (2018)
- IIA Artificial Intelligence Auditing Framework, Part A (2017)
- IIA Artificial Intelligence Auditing Framework, Part B (2018)
- ACCA Auditing and Technology (2019)
- CPA Introduction to AI: From Algorithms to Deep Learning, What You Need to Know (2019)
- CPA The Data-Driven Audit: How Automation and AI are Changing the Audit and the Role of the Auditor (2020)
- Ebua Otia J., Bracci E., Digital transformation and the public sector auditing: The SAI’s perspective, Financial Accountability & Management, John Wiley & Sons Ltd. (2022)
- Ellul L., Buttigieg R., Benefits and Challenges of Applying Data Analytics in Government Auditing, Journal of Accounting, Finance and Auditing Studies (2021)
- World Bank, The Government Analytics Handbook (2023)
- World Bank, Mobile Government (2023)
- World Bank, Interoperability (2022)
- World Bank, Data Classification Matrix and Cloud Assessment Framework (2023)
- World Bank, Institutional and Procurement Practice Note on Cloud Computing (2023)
WGITA-IDI Handbook on IT Audit for Supreme Audit Institutions (v. 2022)
The audit of information technology systems, controls, and processes, also referred to as an IT audit, has become one of the central themes of audits being conducted by Supreme Audit Institutions (SAIs) across the world. This is a natural response to the critical reliance on IT systems to support government and public sector organisations. The IT systems being used should protect the organisation’s data and assets as well as support mission, financial, and other specific goals.
While the increasing use of IT has led to improved business efficiency and more effective service delivery, it has also brought with it risks and vulnerabilities associated with, for example, the digitalisation of services and the increased connectivity to other internal and external systems and networks. The role of IT audit in providing assurance that appropriate processes are in place to manage the relevant IT risks and vulnerabilities is essential if the SAI is to report meaningfully on the efficiency and effectiveness of government and public sector operations.
In 2014, the International Organization of Supreme Audit Institutions (INTOSAI) Working Group on IT Audit (WGITA) and the INTOSAI Development Initiative (IDI) jointly worked to produce the first Handbook on IT Audit with the goal to provide SAI auditors with standards and universally-recognised good practices on IT audit. This 2022 version of the handbook provides an update to the explanations of the major areas that IT auditors may be required to look into while conducting IT audits.
The WGITA/IDI handbook follows the general auditing principles as laid down under the International Standards for Supreme Audit Institutions (ISSAI). The handbook also draws from the internationally recognised IT frameworks, including ISACA’s COBIT framework, International Standards Organisation (ISO) standards, and IT guides and manuals of some of the SAIs, in an attempt to provide the users with essential information and key questions needed for the effective planning and performance of IT audits.
The project to update this handbook was led by the chair of WGITA, namely SAI India, SAI of the United States of America, and the IDI. WGITA and the IDI wish to thank the individual members of the team who worked relentlessly in developing this guidance. IT auditors from the SAIs of Australia, Brazil, Fiji, India, Kuwait, Philippines, Tanzania, and the United States of America have contributed valuably by providing IT audit report examples. Many thanks also go to the SAIs that provided their valuable feedback and comments on the handbook.
IDI and WGITA will conduct a light touch review of this handbook on a biennial basis. If there are substantial changes to be made, IDI-WGITA may decide to work on a revised version of the handbook. Such decisions will be taken on the basis of the biennial review.
