The Institute of Chartered Accountants of India (ICAI) will soon firm up new Information Systems Audit Standards for improving the audit quality of entities such as startups, fintech firms, and e-commerce companies that have technology at the core of their operations, said its president Charanjot Singh Nanda.
These standards will enable chartered accountants (CAs) in assessing IT-related risks, including cyber security threats, data breaches, and system failures while auditing these firms and recommend mitigation measures, Nanda told ET.
To be sure, these standards will also apply to financial audits of companies in other sectors, given the fast-growing adoption of technology in every facet of modern businesses.
“With businesses relying heavily on digital platforms, ERPs and cloud systems, traditional financial auditing is no longer sufficient,” said another person privy to the details.
So, the new standards will also provide “a structured approach for evaluating the integrity, confidentiality and availability of IT systems”, the person said.
Various laws and regulations such as the Digital Personal Data Protection Act in India or GDPR globally mandate IT audits and data protection compliance. So, ICAI plans to equip CAs through these standards to also guide organisations in meeting their various tech-related compliance obligations, said the person.
These norms will focus on effective financial reporting, fraud detection and prevention, and robust governance frameworks, among others.
These will eventually enable CAs to offer value-added services and expand their professional expertise on system audits, IT governance assessments, cyber security reviews and ERP implementation audits.
India’s startup ecosystem has exploded in recent years. The fintech sector is also growing rapidly.
The number of startups recognised by the industry ministry shot up to 1,57,706 by the end of 2024 from 502 in 2016. The fintech sector is expected to grow to $420 billion by 2029 from about $110 billion last year.
Last year, the Comptroller and Auditor General, too, called on auditors to upskill themselves continuously to ensure that “relevant and actionable inputs are provided to all the stakeholders on controls related to information security, data privacy, transparency.”
Visit www.cagurujiclasses.com for practical courses
