There remain major shortcomings in IT audit risk assessments
Not enough companies are performing IT audit risk assessments on a regular basis, nor are they updating these assessments as frequently as they should. The likely result is that critical IT components and process areas supporting the business are not being reviewed sufficiently.
From Cybersecurity to IT Governance
Thinking Through Your 2014 Audit Plan
- Data security is of paramount concern
- Organizations are not gaining the audit coverage they need
- Remain major shortcomings in IT audit risk assessments
- Organizations are implementing strong IT governance programs and practices
Top Technology Challenges
Faced by Organizations 2013/2012
2013
- IT security: data security, cybersecurity and mobile security
- IT governance
- Lack of successful ERP implementations, development and knowledge
- Social media
- Vendor management
- Cloud computing
- Emerging technology and infrastructure changes Big data and analytics
- PCI compliance
2012
- Information security (including data privacy, storage and management)
- Cloud computing
- Social media
- Risk management and governance Regulatory compliance
- Technology integration and upgradation Resource management Infrastructure management
- Fraud monitoring
- Business continuity/disaster recovery
Data security is of paramount concern
More than ever, there is greater scrutiny today on cybersecurity and threats from more sources than ever previously known. Many research studies, including Protiviti’s annual IT Priorities survey, rank IT and data security at the top of the list of challenges.1 Organizations should be looking to expand IT audits as one component of a broadening net of assurance to evaluate
the design and operating effectiveness of management’s security risk assessment, system of controls and monitoring of the environment.
Organizations are not gaining the audit coverage they need
Organizations do not have adequate IT audit resources, and these resources are not always a formal part of the audit group. By seemingly shortchanging themselves on the resources they devote to IT audit efforts, companies are limiting their ability to create transparency into how they adequately identify and manage their IT risks. Furthermore, limited IT audit resources become a significant problem when considering that nearly every function in organizations today, from accounting and finance to supply chains and sales, is technology-enabled.
There remain major shortcomings in IT audit risk assessments
Not enough companies are performing IT audit risk assessments on a regular basis, nor are they updating these assessments as frequently as they should. The likely result is that critical IT components and process areas supporting the business are not being reviewed sufficiently.
More organizations are implementing strong IT governance programs and practices
This is a positive development, particularly given the ranking of IT governance as a top IT challenge for organizations. The new COSO Internal Control – Integrated Framework emphasizes the importance of strong IT governance and controls, underscoring the dynamic nature of technology in business today.
Assessing the Results of Protiviti’s Third Annual IT Audit Benchmarking Survey
IT challenges—from controls and infrastructure to cybersecurity—are top-of-mind for organizations today. It’s critical to have a strong IT security framework in place, and by extension, a strong IT audit function. Yet the results of Protiviti’s latest IT audit benchmarking study show that organizations have significant room for improvement in their IT audit practices to ensure an available, secure and efficient IT environment.
