Digital And Technology Audit | Financial Audit Authority | UAE


The Authority conducts digital and technology audit to verify the efficiency and effectiveness of the systems.


​​​​​​​​Why Digital and Technology Audit?

​ ​

The Digital and Technology Audit is one of the key audit types, which the Financial Audit Authority performs as mandated by law No.4 of 2018 of establishing the Financial Audit Authority.

The main purpose of Digital and Technology Audit is to verify the efficiency and effectiveness of Information Systems in performing the operational activities and processing the financial transactions at the audited entities. This also include:

  1. Verify that funds allocated for Information Systems have used for the intended purposes and in accordance with the relevant regulatory legislations.

  2. Examine the reliability and governance of information systems and system-generated reports.

  3. Verify that Information System assets are effectively protected in the audited entities.

  4. Evaluate the IT assets, applications, software, operations, data , investments, communications and examine database and system generated reports to verify their efficiency and effectiveness in achieving the objectives of the audited entities.

  5. Examine compliance with applicable laws and regulations.

The importance of performing Digital and Technology Audits increased due to the emergent risks and opportunities resulted from the rapid pace of technological changes including digital transformation, automation of business processes, employment of technological advancements such as Cloud Computing , Block Chain, Artificial Intelligence (AI), Internet of Things(IoT) , Big Data, etc.


Digital and Technology Audi types

  1. Integrated Audits

  2. Digital and Technology Audit has a broad scope of work that encompasses the following audits:

    • Financial Audits.

    • Compliance and Operational Audits.

    • Performance Audits.

    • Capital Projects Audits.

    • Legal Affairs and Financial/Administrative Violations.

    • Macro Assessments.

    • Special Audits.

  1. Stand Alone Information System Audits

  1. IT Governance and Management (ITGM)

  2. Conduct a comprehensive Macro Level Assessment of IT Governance and Management Practices in audited entities using a customized model which was developed based on COBIT 2019 global framework issued by ISACA (Information Systems Audit and Control Association).


Digital and Technology Audit Domains

  1. Auditing the IT General Controls (ITGC)

  2. Audit the adequacy and effectiveness of the design and implementation of IT related controls embedded within the IT processes. The IT general controls are classified in the below (4) main categories:​

    • Program/System Development.

    • Program/System Changes.

    • Access to Systems/Data.

    • Computer Operations.

  3. Auditing the IT Application Controls (ITAC)

  4. Audit the controls over the processing of transactions and data within the application and to ensure the accuracy and reliability of system functionality and information. These application controls are embedded in business processes and may include Logical access controls, Configurable Controls, Data entry/field validations, Business/Workflow rules and Reconciliations.​​

  5. ​Auditing other technology aspects​

    • IT Project Management methodologies and practices.

    • IT Investments and Budget/Cost allocation.

    • Information Security Governance and Management practices.

    • IT Outsourcing.

    • Data Analytics using advanced CAATs.

    • Performing technology related Fraud Investigations.

    • any other technology related audits.​​​