Protiviti conducted its inaugural IT Audit Benchmarking Survey, seeking to analyze some of the many underlying IT audit trends and gaps evident in organizations today.
For the purposes of this study, we define “IT audit” as the process of collecting and evaluating evidence of the management of controls over an organization’s information systems, practices, controls and operations.
The evaluation of evidence obtained through the IT audit process determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals and objectives. This may include traditional audits of technology processes and components as well as integrated audits for audit activities, technology-dependent regulatory processes (i.e., privacy) or data analytics support.
These are some of the key trends and takeaways from the study that are discussed further in our report:
The growth and prevalence of technology throughout most operations in a company are outpacing the assessment, management and monitoring of related IT risks.
IT risks do not garner nearly enough attention in organizations today, especially not in small companies.
A large percentage of organizations are not complying with IIA Standard 2110.A2, which requires the internal audit function (usually through IT audit) to assess whether the organization’s information technology governance sustains and supports its strategies and objectives.
Many organizations do not have the requisite skills and capabilities to assess their key IT risks adequately.
A surprisingly large number of organizations fail to conduct an annual IT risk assessment.
IT audit functions in North America invest significantly more time on compliance-related activities than these functions do in other regions of the world.
We would like to thank the close to 500 professionals (including chief audit executives, audit directors, and IT audit directors and managers, among many others) who participated in this year’s survey.
No comments:
Post a Comment