According to a new global survey, many firms are struggling to keep pace with global IT risks amid quickly changing technology. The fourth annual IT Audit Benchmarking Survey was produced by global consulting firm Protiviti and global IT association ISACA.
The survey examines how organizations are assessing and mitigating critical business and technology risks, polling more than 1,300 IT audit executives and professionals worldwide.
“Concerns over cybersecurity, industry disruptors and regulatory compliance have moved many organizations, and audit committees in particular, to become more engaged in the IT audit function,” said David Brand, a Protiviti managing director and the firm’s global IT audit leader. “We see some positive trends in our results, notably in the number of designated IT audit directors and their regular attendance at audit committee meetings. However, we also see significant gaps to be addressed, including the frequency with which IT audit risk assessments are conducted.”
According to the survey, the top 10 global IT challenges identified are:
- IT security and privacy/cybersecurity
- Resource/staffing/skills challenges
- Emerging technology and infrastructure changes: transformation, innovation, disruption
- Regulatory compliance
- Budgets and controlling costs
- IT governance and risk management
- Big data and analytics
- Vendor, third-party and outsourcing risks
- Cloud computing/ virtualization
- Bridging IT and the business
“Companies cannot ignore the significant security and privacy risks that face their business today,” said Brand. “Based on the survey results, more organizations are recognizing the mission-critical nature of IT internal audit in combating these risks, yet many companies are simply not institutionalizing the processes needed to support this function.”
The good news is that companies are paying more attention to the risks. The survey found that more than half of the largest public companies surveyed have a designated IT Audit Director or equivalent position within their organizations, and 48% reported that these individuals regularly attend audit committee meetings. That is doubled the number from just three years ago the survey noted.
Additionally, respondents indicated that their audit committees have increased their involvement in the IT risk assessment process, with 20% reporting significant involvement as compared to 14% in 2013.
“The increased resources and attention to IT audit is a positive sign that companies of all sizes around the world are recognizing the significant benefits of this critical function,” said Robert E. Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “Even though organizations have different goals and operate in different marketplaces, there are many common pain points and risks, such as fraud, cybersecurity incidents, rising costs, project success/failure, outsourcing issues and regulatory requirements that can be addressed with effective IT audit management.”