Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Study shows that risks are outpacing IT audit capabilities in most organizations

Despite ongoing efforts to address information technology issues, companies continue to come up short in their IT audit functions, according to a new survey from global consulting firm Protiviti. The international study reveals that a large percentage of organizations are not planning and instituting the IT audit coverage necessary to assure critical IT operations, evaluate risk and provide a secure, available IT environment.

Protiviti’s latest IT audit benchmarking study, entitled ‘From Cybersecurity to IT Governance – Preparing Your 2014 Audit Plan’, analyses the primary technology-related challenges companies face from the internal audit perspective, and identifies trends in the ways organizations evaluate their approach to IT audit functions and capabilities.

“In today’s organizations, virtually every function is technology-dependent, which means companies face a greater number of challenges to ensure an efficient, secure IT environment,” said Brian Christensen, Protiviti executive vice president of global internal audit. “Based on the study, it’s apparent that there is a tremendous gap between where most companies are and where they should be in terms of managing IT risk and strengthening governance and controls. As audit plans are developed, these technology challenges should also be top-of-mind for internal audit.”

Top technology challenges

According to the 469 respondents who participated in the study survey the top technology-related challenges facing organizations are:

  • IT security (including data security, cyber security, and mobile security; this result was the number one challenge for the second consecutive year)
  • IT governance
  • Lack of ERP implementations, development, and knowledge
  • Social media
  • Vendor management
  • Cloud computing
  • Emerging technology and infrastructure changes
  • Big data and analytics
  • PCI compliance.

Companies’ IT audit practices fall short

Analysis of Protiviti’s survey results also provides important insights into how effectively organizations are improving their IT audit programs and practices, and some notable findings suggest there is a need for dramatic improvement. These include:

  • A large number of companies fail to devote adequate resources to IT audit and, as a result, are not able to fully assess potential risks. Also, 42 percent of organizations reported that they rely on outside resources to augment their IT audit departments because they lack the appropriate internal resources.
  • Many internal audit functions are not performing IT audit risk assessments regularly, and even many of the companies that do perform these assessments need to do so more frequently. Of concern, one-third of companies with less than $100 million in revenue do not conduct any type of IT audit risk assessment, which presents countless potential hazards for their respective businesses.
  • Also a cause for concern is the increase from 2012 to 2013 in the number of IT audit directors who report to the CIO. Even though the overall number of organizations with this reporting relationship is relatively low, allowing the IT department to audit itself is a potential recipe for disaster because independence and objectivity of assessments are lost.


•Date: 20th November 2013 • World •Type: Article • Topic: ICT continuity

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here