Final answer:
Internal auditors in an IT environment are primarily responsible for testing controls and ensuring they function correctly. They may also participate in the design phase of IT-based systems to provide control-related input, but they typically do not maintain the controls on a day-to-day basis to preserve their objectivity.
Step-by-step explanation:
The role of internal auditors in an IT environment encompasses several key responsibilities. One of their primary duties is testing controls to ensure they are operating effectively and safeguarding assets. This involves evaluating the reliability and integrity of financial and operational information, as well as the means used to identify, measure, classify, and report such information. Internal auditors assess how well risks are managed within the company, including those associated with new technology or system implementations.
Another aspect of their role may sometimes include participation in the design of the IT-based system. However, they usually do not take on roles that would compromise their independence or objectivity, such as the day-to-day maintenance of the controls. Their involvement in system design is typically to provide input on control-related matters and to ensure that controls are effectively integrated into the system from the start.
Through these activities, internal auditors not only provide assurance about the existing control environment but also add value by helping to improve the control frameworks and risk management processes. They must have a keen understanding of information systems, technology risks, and the ways in which IT influences the risk landscape of an organization.