Cloud computing, privacy among top technology challenges for IT audit managers

Cybersecurity and privacy was rated as the “top technology challenge” by respondents to a recent survey, while risks from cloud computing and information technology outsourcing made the top 10, yet most respondents do not update their IT audit risk assessments more frequently than once a year, Protiviti Inc. suggested in a recent report.

Menlo Park, Calif.-based Protiviti released Wednesday the results of the fourth annual IT Audit Benchmarking Survey, which was conducted by Protiviti and ISACA, formerly known as the Information Systems Audit and Control Association.

In the online survey, more than 1,330 participants were asked to list what they view to be the top five technology challenges facing their organizations in 2014.

Cybersecurity and privacy “is rated as the top technology challenge,” reported Protiviti, a consulting and audit firm owned by Robert Half International Inc. Protiviti’s services include technology, litigation, governance, risk and compliance.

Rolling Meadows, Ill.-based ISACA develops standards and certifications for information systems audit, security, risk, privacy and governance professionals.

ISACA and Protiviti’s benchmarking survey covered a variety of topics, including technology challenges, IT audits, risks and skills.

“Concerns over cybersecurity, industry disruptors and regulatory compliance have moved many organizations, and audit committees in particular, to become more engaged in the IT audit function,” stated David Brand, a Protiviti managing director and the firm’s global IT audit leader, in a release.

“High-profile data breaches in many well-known organizations are keeping IT security top-of-mind and heightening expectations — from the board, executives and other stakeholders — for sound security measures that involve the IT audit function,” Protiviti and ISACA stated in their report.

“The development of a comprehensive cybersecurity framework should be driving compliance activities. Bottom line, it is imperative for IT auditors to keep their skills current in areas including, but not limited to, IT security, cloud computing and storage, outsourcing and vendor assurance, data analytics, computer-assisted auditing tools, and more.”

(Article continues below Infographic…)

Respondents from more than half of the largest public companies “have a designated IT audit director or equivalent position within their organizations,” while 48% reported that those directors “regularly attend audit committee meetings,” Protiviti noted.

In addition to IT security, other technology challenges that made the top 10 include: regulatory compliance; IT governance and risk management; big data and analytics; vendor, third-party and outsourcing risks; and cloud computing/virtualization.

Respondents included IT audit managers, IT audit directors and audit staff, among others. Thirty-eight per cent of respondents were from publicly traded firms, 18% were in government, 36% worked for privately held firms and 8% worked for non-profit organizations. Most (56%) of those organizations had revenues of greater than $1 billion.

Fifteen per cent of respondents said their organizations  “update their IT audit risk assessment on a continual basis,” Protiviti reported.

“Most of these organizations are updating their IT audit risk assessments only once a year,” Brand stated. “Leading companies are tackling this project once a quarter, and although we expected more companies to follow suit, it has not been the case. “