ABSTRACT
This study examines the continuing expansion of the Internet of Things (IoT) and its possible development as a source of audit evidence for both internal and external audits. In other words, the auditor checks whether a measure (metric) related to classifying and prioritizing requests and/or incidents is available in the enterprise’s current incident reporting system. This approach uses Design Science Research and is based on the use of auditing standards and frameworks to drive the design of audit plans using metrics available on or derived from the enterprise IoT. This study extends the research on enterprise IoT and its potential application to the enterprise audit process. It provides a framework that illustrates how both internal and external auditors can reasonably assure the provenance and validity of enterprise IoT data while also evaluating the security and controls surrounding its production.