n Southern African Journal of Accountability and Auditing Research - The development of an integrated IT risk assessment questionnaire for internal auditors' use

Volume 18, Issue 1
  • ISSN : 1028-9011



Most businesses today operate in a complex Information Technology (IT) environment. The King III Report,South Africa's Corporate Governance Framework, holds the board of directors responsible for risk management processes, including IT governance related matters. This responsibility is often delegated to the IT- and risk committees, which in turn are assessed and evaluated by the internal auditor. However, due to ever-changing emerging technology risks and the vague guidance provided by the King III Report, the internal auditor requires assistance to conduct this evaluation. Most of the frameworks recommended by King III Report have only been updated in recent years, thereby changing the focus and risk areas internal auditors should evaluate. This article proposes to develop an integrated IT risk assessment questionnaire based on certain updated IT and risk control frameworks to assist the internal auditor in evaluating high level IT control risk areas in an effective manner, whilst complying with the latest framework requirements and also taking emerging technology risks into consideration.

Loading full text...

Full text loading...


Article metrics loading...


This is a required field
Please enter a valid email address
Approval was a Success
Invalid data
An Error Occurred
Approval was partially successful, following selected items could not be processed due to error