In our ever-changing world of new business technologies and the way we adopt and use them, internal auditors face ongoing challenges in understanding these new approaches, developing internal procedures to review and assess them, and adopting practices to accept and work with the manner in which these new changes are installed. At any point in time there are always a wide range of new technology issues, some of which cause all of us to rethink our internal audit approaches, while others just go away either because the new technology does not cause much of an internal control impact or because the new approach ends up having a very short life span. Other new technology approaches stay with us, grow, and effectively establish their own internal control practices.

This chapter discusses two broad technology issues that are becoming increasingly important and changing the ways that internal auditors should understand, review, and assess them. The first is what has been called BYOD (bring your own device) practices, or what we generically refer to as business operations where stakeholders are allowed or encouraged to bring their own personal tablet computers, smartphones, laptops, or other personal systems when attending meetings to access and communicate with corporate systems or other client systems. These handheld devices were once quite expensive for individuals to own and their issuance and use was often controlled ...