Click here to close now.


SAP HANA Cloud Authors: Pat Romanski, Mike Kavis, Liz McMillan, Elizabeth White, Jayaram Krishnaswamy

News Feed Item

Protiviti IT Audit Study Analyzes Gaps in Companies' IT Audit Function and Risk Assessments

Survey also identifies top 10 IT challenges

MENLO PARK, Calif., Nov. 5, 2012 /PRNewswire/ -- Although companies continue to increase their investments in and dependency on IT resources, many aren't doing enough to protect themselves, according to a new survey from global consulting firm Protiviti ( The firm's 2012 IT Audit Benchmarking Survey ( ‑ which also reveals the top 10 technology challenges businesses face ‑ finds that a significant number of organizations do not conduct any type of IT audit risk assessment, and a considerable number of companies that do conduct assessments have critical gaps in their IT audit capabilities. 


Protiviti's second edition of the IT Audit Benchmarking Survey analyzes some of the underlying IT audit trends and gaps evident in organizations today. In addition to data and analysis, the survey report also includes key questions for audit professionals to consider as they evaluate their own IT audit functions and capabilities.

"There's no question that IT risks can affect the bottom line. To succeed in today's business environment, it's absolutely critical for organizations to understand and manage IT risks that emerge with the rapidly escalating use of technology, and the best way to do that is with well-planned IT audit strategies and activities," said Brian Christensen, Protiviti's executive vice president of global internal audit. "We hope our survey results drive organizations to cast a more critical eye on their own IT audit strategy ‑ whether that means establishing a function or cultivating their IT audit team's experience and capabilities."

The Top 10 Technology Challenges
The IT Audit Benchmarking Survey asked participants to weigh-in – through an open-ended question that required a write-in response – on the top technology challenges that organizations face today. The top issues from the perspective of IT audit, including information security, cloud computing, social media, and risk management and governance, are consistent with those commonly cited by C-level executives and IT organizations. 

  1. Information security (including data privacy, storage, and management)
  2. Cloud computing
  3. Social media
  4. Risk management and governance
  5. Regulatory compliance
  6. Technology integration and upgradation
  7. Resource management
  8. Infrastructure management
  9. Fraud monitoring
  10. Business continuity/disaster recovery

IT Audit Risk Assessments – Good and Bad News
While this year's survey shows some improvement in regard to the number of companies conducting IT audit risk assessments ‑ particularly among organizations with revenues of $100 million - $999.99 million, there is still much room for improvement. Most notably, more than 30 percent of organizations with less than $100 million in annual revenues do not conduct any type of IT audit risk assessment.  

"Our findings also show that even when organizations do conduct IT audit risk assessments, they have some considerable gaps in their capabilities. Those gaps can be just as damaging as skipping an assessment," said David Brand, a Protiviti managing director and the firm's national IT audit leader. "For example, a majority of our respondents are understaffed, meaning less than 20 percent of their internal audit department is made up of IT audit staff."

Seventy-eight percent of survey respondents from companies with revenues greater than $1 billion see those gaps and have concerns that they may lack the necessary resources and skills to sufficiently address all areas of their IT audit plans. Examples of common gaps cited in the survey include limited ability to provide training for the IT audit team; not using outside resources to provide or augment IT audit capabilities; and lack of qualified IT audit professionals.

Additional Highlights

Other research findings of note include:

  • Sixty-five percent of organizations conduct their IT audit risk assessments on an annual basis, which may not be adequate to keep pace with the current rate of technology change and innovation.
  • Evaluating and assessing the IT governance process, as called for under The Institute of Internal Auditors Standard 2110.A2, is not a priority for organizations, regardless of size or region. On average, less than 30 percent of companies have complied with this standard, and less than one in three plans to do so within the next year.  

"Companies today face new IT-related risks and challenges every day," Brand said. "Internal auditors need to be more nimble than ever before and must constantly fine-tune their approach to the IT audit risk assessment to make a positive impact on their organizations."

Protiviti conducted its IT Audit Benchmarking Survey in the first and second quarters of 2012. Survey participants were comprised of more than 300 professionals worldwide, including chief audit executives, audit directors, and IT audit directors and managers. They responded to questions covering four categories:  IT audit in relation to the internal audit department; assessing IT risk; IT audit in relation to the internal audit department; and skills and capabilities. To learn more about the 2012 IT Audit Benchmarking Survey and obtain a complimentary copy of the report, please visit:

Podcast Available with Additional Survey Insights  
Protiviti has produced a podcast that offers David Brand's analysis and commentary about the findings in the survey. Please visit to listen or download the complimentary podcast.

About Protiviti 
Protiviti ( is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through its network of more than 70 offices in over 20 countries, the firm has served more than 35 percent of FORTUNE® 1000 and Global 500 companies. Protiviti also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Protiviti is a wholly owned subsidiary of Robert Half International (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.


SOURCE Protiviti

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
This week, the team assembled in NYC for @Cloud Expo 2015 and @ThingsExpo 2015. For the past four years, this has been a must-attend event for MetraTech. We were happy to once again join industry visionaries, colleagues, customers and even competitors to share and explore the ways in which the Internet of Things (IoT) will impact our industry. Over the course of the show, we discussed the types of challenges we will collectively need to solve to capitalize on the opportunity IoT presents.
Through WebRTC, audio and video communications are being embedded more easily than ever into applications, helping carriers, enterprises and independent software vendors deliver greater functionality to their end users. With today’s business world increasingly focused on outcomes, users’ growing calls for ease of use, and businesses craving smarter, tighter integration, what’s the next step in delivering a richer, more immersive experience? That richer, more fully integrated experience comes about through a Communications Platform as a Service which allows for messaging, screen sharing, video...
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in high-performance, high-efficiency server, storage technology and green computing, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and Embedded Systems worldwide. Supermi...
As more intelligent IoT applications shift into gear, they’re merging into the ever-increasing traffic flow of the Internet. It won’t be long before we experience bottlenecks, as IoT traffic peaks during rush hours. Organizations that are unprepared will find themselves by the side of the road unable to cross back into the fast lane. As billions of new devices begin to communicate and exchange data – will your infrastructure be scalable enough to handle this new interconnected world?
SYS-CON Events announced today that Dyn, the worldwide leader in Internet Performance, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever.
SYS-CON Events announced today that Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, will keynote at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data shows "less than 10 percent of IoT developers are making enough to support a reasonably sized team....
The IoT market is on track to hit $7.1 trillion in 2020. The reality is that only a handful of companies are ready for this massive demand. There are a lot of barriers, paint points, traps, and hidden roadblocks. How can we deal with these issues and challenges? The paradigm has changed. Old-style ad-hoc trial-and-error ways will certainly lead you to the dead end. What is mandatory is an overarching and adaptive approach to effectively handle the rapid changes and exponential growth.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
As a company adopts a DevOps approach to software development, what are key things that both the Dev and Ops side of the business must keep in mind to ensure effective continuous delivery? In his session at DevOps Summit, Mark Hydar, Head of DevOps, Ericsson TV Platforms, will share best practices and provide helpful tips for Ops teams to adopt an open line of communication with the development side of the house to ensure success between the two sides.
The IoT is upon us, but today’s databases, built on 30-year-old math, require multiple platforms to create a single solution. Data demands of the IoT require Big Data systems that can handle ingest, transactions and analytics concurrently adapting to varied situations as they occur, with speed at scale. In his session at @ThingsExpo, Chad Jones, chief strategy officer at Deep Information Sciences, will look differently at IoT data so enterprises can fully leverage their IoT potential. He’ll share tips on how to speed up business initiatives, harness Big Data and remain one step ahead by apply...
There will be 20 billion IoT devices connected to the Internet soon. What if we could control these devices with our voice, mind, or gestures? What if we could teach these devices how to talk to each other? What if these devices could learn how to interact with us (and each other) to make our lives better? What if Jarvis was real? How can I gain these super powers? In his session at 17th Cloud Expo, Chris Matthieu, co-founder and CTO of Octoblu, will show you!
Developing software for the Internet of Things (IoT) comes with its own set of challenges. Security, privacy, and unified standards are a few key issues. In addition, each IoT product is comprised of at least three separate application components: the software embedded in the device, the backend big-data service, and the mobile application for the end user's controls. Each component is developed by a different team, using different technologies and practices, and deployed to a different stack/target - this makes the integration of these separate pipelines and the coordination of software upd...
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi's VP Business Development and Engineering, will explore the IoT cloud-based platform technologies driving this change including privacy controls, data transparency and integration of real time context w...
The Internet of Everything is re-shaping technology trends–moving away from “request/response” architecture to an “always-on” Streaming Web where data is in constant motion and secure, reliable communication is an absolute necessity. As more and more THINGS go online, the challenges that developers will need to address will only increase exponentially. In his session at @ThingsExpo, Todd Greene, Founder & CEO of PubNub, will explore the current state of IoT connectivity and review key trends and technology requirements that will drive the Internet of Things from hype to reality.
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Nowadays, a large number of sensors and devices are connected to the network. Leading-edge IoT technologies integrate various types of sensor data to create a new value for several business decision scenarios. The transparent cloud is a model of a new IoT emergence service platform. Many service providers store and access various types of sensor data in order to create and find out new business values by integrating such data.
There are so many tools and techniques for data analytics that even for a data scientist the choices, possible systems, and even the types of data can be daunting. In his session at @ThingsExpo, Chris Harrold, Global CTO for Big Data Solutions for EMC Corporation, will show how to perform a simple, but meaningful analysis of social sentiment data using freely available tools that take only minutes to download and install. Participants will get the download information, scripts, and complete end-to-end walkthrough of the analysis from start to finish. Participants will also be given the pract...
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
WebRTC services have already permeated corporate communications in the form of videoconferencing solutions. However, WebRTC has the potential of going beyond and catalyzing a new class of services providing more than calls with capabilities such as mass-scale real-time media broadcasting, enriched and augmented video, person-to-machine and machine-to-machine communications. In his session at @ThingsExpo, Luis Lopez, CEO of Kurento, will introduce the technologies required for implementing these ideas and some early experiments performed in the Kurento open source software community in areas ...