A majority of large global companies (55 percent) only conduct an IT audit risk assessment on an annual or even less-frequent basis.
New research from Protiviti and ISACA discovered that cyber-security and privacy issues, along with infrastructure management and emerging technology, rank as the top technology challenges that organisations face today.
Other top technology or business challenges that the surveyed organisations face today are resource/staffing/skills challenges, regulatory compliance, budgets and controlling costs, cloud computing/virtualisation, bridging IT and the business, project management and change management and, finally, third-party/vendor management.
The research analysed responses from 1062 global IT audit and internal audit leaders and professionals and found that IT audit is becoming more involved in major technology implementation projects within organisations.
With a growing number of IT audit leaders reporting directly to the CEO (26 percent in Europe and 13 percent in North America), there is an increasing interest in C-level IT audit.
Twenty-six percent of IT audit functions have a significant level of involvement in major technology projects, while 45 percent have a moderate level of involvement. IT audit is most frequently involved in the post-implementation stages (65 percent).
In a majority of organisations (55 percent), the IT audit director regularly attends audit committee meetings.
“Seeing greater involvement by IT audit in significant technology projects is a positive trend, especially considering the dynamic nature of technology and critical risks related to security and privacy. This is also notable because a substantial percentage of IT projects tend to run over budget and behind schedule and fail to achieve the desired objectives. Having IT audit bring a mindset of risk and control to these projects can be highly advantageous,” said Christos Dimitriadis, PhD, CISA, CRISC, chair of ISACA's board of directors and group director of information security for INTRALOT.
“We believe there is an opportunity for organisations to derive the most value from their major IT projects by engaging IT audit earlier rather than downstream in the projects. With a solid foundation of assurance on the front end, organisations can have the confidence they need to be innovative and fast-paced in pursuit of their business goals,” Dimitriadis said.
In emailed commentary to SC Media UK, Mark Peters, a managing director with Protiviti and leader of the firm's IT Audit practice in the UK, said, “It is no surprise to find cyber-security, technology infrastructure and emerging technologies atop the list of challenges that IT auditors see in their organisations, which is consistent with prior years. Executives and internal audit management continue to operate in an environment of evolving technology risk and increasing stakeholder expectations, increasing the interest in the IT audit activity and its view of risk facing the organisation. Core areas such as cloud, IT skills gaps, IT costs and compliance will still form the backbone of IT audit plans in 2017. However, the business risks associated with vendor management and change projects are increasing and many organisations have room for improvement in sufficiently addressing these areas within their IT audit plans.”