Business processes and IT environments are deeply interconnected, yet audits are often performed in silos. Operational auditors may focus heavily on process execution and approvals, while IT auditors concentrate on system configurations, access controls, and technology risks. When these perspectives are not aligned, organizations can miss critical risks, duplicate efforts, and produce audit results that fail to provide a complete picture of control effectiveness.

This session is designed for internal auditors, IT auditors, SOX professionals, risk professionals, and any audit leaders seeking to better integrate business process and IT control auditing. Participants will explore how business operations rely on technology, where dependencies between process and IT controls commonly break down, and how to evaluate risks using a more connected, risk-based approach.

The course emphasizes practical collaboration between operational and IT audit functions to improve audit planning, control testing, issue identification, and overall assurance quality. Participants will learn how to connect business objectives, process risks, systems, data flows, and supporting IT controls into a unified audit approach that produces more meaningful insights for management and stakeholders.

Learning Objectives

By the end of this session, participants will be able to:

Differentiate the objectives, methodologies, and risk perspectives of business process auditors and IT auditors.

Identify common gaps between operational process reviews and IT control assessments that reduce overall audit effectiveness.

Evaluate how business processes depend on applications, system configurations, interfaces, automated controls, and data integrity.

Strengthen collaboration between operational and IT audit teams to improve audit efficiency, communication, and assurance outcomes.