Many organizations still behind in IT audit risk assessment
November 19, 2013 by Canadian Underwriter
Print this page Share
IT security, big data and analytics are among the top technology-related challenges facing organization, and despite ongoing efforts, many companies are lacking in terms of their IT audits, according to a new global survey from consulting firm Protiviti.
The survey included 469 respondents, including chief audit executives, IT audit directors, IT audit managers, and other auditing professionals.
For the second consecutive year, those respondents named IT security, including data, mobile and cyber security as their primary challenge.
They also said top challenges include:
- IT governance
- Lack of ERP implementations, development, and knowledge
- Social media
- Vendor management
- Cloud computing
- Emerging technology and infrastructure changes
- Big data and analytics
- PCI compliance
Among the areas of improvement identified, Protiviti notes that many of the companies surveyed (especially smaller ones) don’t devote enough resources to IT audit, and are therefore unable to identify potential risks.
For example, about 70% of those surveyed only update their IT audit risk assessment on an annual basis, or less frequently, the report notes.A third of companies with less than $100 million in revenue also don’t conduct any kind of IT audit risk assessment, according to the survey.
Many (42%) also said they lack internal resources and so their rely on outside resources to augment their IT audit departments.
“In today’s organizations, virtually every function is technology-dependent, which means companies face a greater number of challenges to ensure an efficient, secure IT environment,” Brian Christensen, Protiviti’s executive vice president of global internal audit commented in a statement on the report.
“Based on the study, it’s apparent that there is a tremendous gap between where most companies are and where they should be in terms of managing IT risk and strengthening governance and controls. As audit plans are developed, these technology challenges should also be top-of-mind for internal audit.”
Have your say: