Report Analyses Gaps in Companies’ IT Audit Function and Risk Assessments

Although companies continue to increase their investments in and dependency on IT resources, many are not doing enough to protect themselves, according to a new survey from consulting firm Protiviti.

The firm has issued its ‘2012 IT Audit Benchmarking Survey’, which claims that a significant number of those organisations do not conduct any type of IT audit risk assessment, and a considerable number of companies that do conduct assessments have critical gaps in their IT audit capabilities.

“There’s no question that IT risks can affect the bottom line. To succeed in today’s business environment, it’s critical for organisations to understand and manage IT risks that emerge with the rapidly escalating use of technology, and the best way to do that is with well-planned IT audit strategies and activities,” said Brian Christensen, Protiviti’s executive vice president (EVP) of global internal audit. “We hope our survey results drive organisations to cast a more critical eye on their own IT audit strategy   whether that means establishing a function or cultivating their IT audit team’s experience and capabilities.

The survey asked 300 professionals worldwide, through an open-ended question that required a write-in response, about the top technology challenges that organisations face today. Protiviti says that the top issues from the perspective of IT audit, including information security, cloud computing, social media, and risk management and governance, are consistent with those commonly cited by C-level executives and IT organisations.

The ‘top 10’ issues cited by participants in the survey, conducted in the first half of 2012, were as follows:

  1. Information security (including data privacy, storage, and management).
  2. Cloud computing.
  3. Social media.
  4. Risk management and governance.
  5. Regulatory compliance.
  6. Technology integration and upgradation.
  7. Resource management.
  8. Infrastructure management.
  9. Fraud monitoring.
  10. Business continuity/disaster recovery.


Related reading