Thursday, 03 December 2015 11:26

IT Managers face big issues and IT audit is still off the mark


The top technology challenges faced by IT audit executives and professionals worldwide is to keep pace with emerging technology and infrastructure changes, including transformation, innovation and disruption.

That is according to a new joint survey from global consulting firm Protiviti and ISACA, a global association for IT assurance, governance and cybersecurity professionals.

Business and technology environments are challenged to manage an escalating volume of IT risks at the same rapidity with which they are presented The fifth annual IT Audit Benchmarking Survey, titled A Global Look at IT Audit Best Practices, examines where IT audit functions stand in their capabilities to help management and the board of directors address these complex issues.

“Rapid change is the norm in today’s business environment. IT audit professionals have recognised the need to grow their knowledge and expertise while also updating their policies, processes, people and technology, all in order to arm themselves against the increasing challenges and threats presented by an ever-evolving technology landscape,” said David Brand, a Protiviti managing director and leader of the firm's global IT audit practice.

Top 10 Technology Challenges include:

1,230 respondents worldwide shared their perceptions of top technology challenges currently facing their organisations. These challenges are consistent with current market activity and have deep interrelationships with each other.

  • Emerging technology and infrastructure changes ‑ transformation, innovation, disruption
  • IT security and privacy/cybersecurity
  • Resource/staffing/skills challenges
  • Infrastructure management
  • Cloud computing/virtualisation
  • Bridging IT and the business
  • Big data and analytics
  • Project management and change management
  • Regulatory compliance
  • Budgets and controlling costs

Regulatory compliance and budgets/controlling costs have moved down significantly on the list compared to last year, indicating that other emerging areas are now top concerns for respondents.

Other highlights from this Year’s Study include:

  • There are significant concerns about finding qualified resources and skills – A high percentage of respondents say that finding the right people with the right knowledge and skills for the right job remains an uphill battle.
  • Many IT audit reporting lines are still off the mark – Having the IT audit director report to the Chief Audit Executive (CAE) or an equivalent role is ideal, yet many organisations still have other reporting lines in place, bringing into question whether IT audit still falls under the “third line of defence” as an independent function.
  • IT audit risk assessments are an absolute must – There are small but meaningful numbers of companies that are not conducting any type of IT audit risk assessment. For these organisations, this is a significant risk given the cybersecurity threat environment. Other organisations are adhering to best practices by conducting these risk assessments more frequently.

 IT Audit Still Off the Mark

The fifth annual IT Audit Benchmarking Survey consisted of a series of questions grouped into five categories: Today's Top Technology Challenges; IT Audit in Relation to the Internal Audit Department; Assessing IT Risks; Audit Plan; and Staff Skills and Capabilities. The survey report, along with an infographic and a short video, is available for complimentary download.

According to the survey results, 60 per cent of the largest public companies surveyed have a designated IT Audit Director or equivalent position within their organisations, and yet, in half of all companies, these individuals do not attend audit committee meetings. Many companies still have established reporting structures that are less than optimal. Having the IT Audit Director report to the CAE or equivalent is a best practice, yet 28 per cent of companies in North America and Asia use another, less ideal reporting line. This number is as high as 33 per cent in Latin America and 41 per cent in Europe

"Organisations need to ensure that they address effective IT audit management through a number of controls, including treating IT and cybersecurity risks as strategic-level risks, operating as a truly independent and impartial function, and allotting the necessary resources and expertise, whether internal or external, to help the organisation identify and manage its IT risks effectively," said Christos Dimitriadis, international president of ISACA.

By definition, IT auditors work in collaboration with executive management, the board of directors, IT, legal, human resources and numerous other departments to help their organisations mitigate and control an escalating volume of IT risks that could cripple the enterprise.

On a positive note, the ISACA-Protiviti survey revealed noticeable uptick in the frequency with which IT audit risk assessment are updated by organisations. However, the number of organisations conducting continual assessments still remains low – around 16 per cent for even the largest companies.

Globally, respondents cited COBIT as the most accepted industry framework on which the IT audit risk assessment is based, followed by COSO, ISO and ITIL. In practice, organisations may utilise a combination of these frameworks to complete their risk assessments.

And a free webinar on December 10 if this has peaked your interest.

Key insights from the survey will be discussed by David Brand who will be joined by Bob Kress, managing director of Global IT Audit at Accenture, and Nancy Cohen, director of Privacy and Assurance Practices at ISACA, in a complimentary one-hour webinar on December 10, 2015 at 4:00 a.m. AEDT. Please register here.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News