"IT controls need to shift from the end product to raw materials," he states. IT professionals also need to check and maintain the computer devices that are printing these items.
Trend four: Augmented reality
With innovations such as Google Glass, we can use technology to provide more information in real time, says Vael. They allow people to see things that are available in the real world, such as in a shopping mall or street. Now there are some emerging examples where a device might not be needed anymore to allow people to access augmented reality.
The risk is the information can be abused, and be fake, he states. "How do you determine how trustworthy the information is? And if there is too much commercial information, how do you screen advertisements and marketing material?"
Another issue is privacy and giving away too much information. "IT professionals now need to be aware of the risks, and put controls in place to ensure their company or citizens aren't taken advantage of."
Trend five: Advanced e-health
With Big data and analytics technology there is the ability to gain to automation of patient files, and enable the faster exchange of information. The next step becomes really innovative ways of dealing with sickness or diseases, he says. For example, people with the same symptoms can group together and work out what works. Even now some smartphones have the ability to monitor heart health and people can do standard health checks themselves.
But there is a major risk that the information people are accessing is not correct, or people don't interpret information correctly, says Vael. "The challenge comes when people decide to trust computers more than doctors," he states. "From an IT standpoint we need to ensure adequate controls are in place and the public are aware of these aspects, for instance, through medical government bodies."
The rise of industry specific IT risk professionals
Given these technology shifts, Vael predicts IT audit and IT risk analysis will become more specialist. He cites the evolution of risk professionals that are industry specific, for instance, in mobiles and smartphones.
"There is so much complexity, therefore you need to specialise."
While there will also be more demand for risk professionals, this really has to be seen as the second line of defence, he says. The first line is composed of people who are developing applications, who need to consult with risk professionals to provide guidance on the applications of various technology and the potential for use and misuse. The internal auditors, meanwhile, are the third line of defence verifying if the controls are effective and efficient.
Sign up for CIO Asia eNewsletters.