Welcome!

Artificial Intelligence Authors: Carmen Gonzalez, Jyoti Bansal, Yeshim Deniz, Peter Silva, Pat Romanski

News Feed Item

Protiviti IT Audit Study Analyzes Gaps in Companies' IT Audit Function and Risk Assessments

Survey also identifies top 10 IT challenges

MENLO PARK, Calif., Nov. 5, 2012 /PRNewswire/ -- Although companies continue to increase their investments in and dependency on IT resources, many aren't doing enough to protect themselves, according to a new survey from global consulting firm Protiviti (www.protiviti.com). The firm's 2012 IT Audit Benchmarking Survey (www.protiviti.com/ITauditsurvey) ‑ which also reveals the top 10 technology challenges businesses face ‑ finds that a significant number of organizations do not conduct any type of IT audit risk assessment, and a considerable number of companies that do conduct assessments have critical gaps in their IT audit capabilities. 

(Logo: http://photos.prnewswire.com/prnh/20090115/AQTH541LOGO)

Protiviti's second edition of the IT Audit Benchmarking Survey analyzes some of the underlying IT audit trends and gaps evident in organizations today. In addition to data and analysis, the survey report also includes key questions for audit professionals to consider as they evaluate their own IT audit functions and capabilities.

"There's no question that IT risks can affect the bottom line. To succeed in today's business environment, it's absolutely critical for organizations to understand and manage IT risks that emerge with the rapidly escalating use of technology, and the best way to do that is with well-planned IT audit strategies and activities," said Brian Christensen, Protiviti's executive vice president of global internal audit. "We hope our survey results drive organizations to cast a more critical eye on their own IT audit strategy ‑ whether that means establishing a function or cultivating their IT audit team's experience and capabilities."

The Top 10 Technology Challenges
The IT Audit Benchmarking Survey asked participants to weigh-in – through an open-ended question that required a write-in response – on the top technology challenges that organizations face today. The top issues from the perspective of IT audit, including information security, cloud computing, social media, and risk management and governance, are consistent with those commonly cited by C-level executives and IT organizations. 

  1. Information security (including data privacy, storage, and management)
  2. Cloud computing
  3. Social media
  4. Risk management and governance
  5. Regulatory compliance
  6. Technology integration and upgradation
  7. Resource management
  8. Infrastructure management
  9. Fraud monitoring
  10. Business continuity/disaster recovery

IT Audit Risk Assessments – Good and Bad News
While this year's survey shows some improvement in regard to the number of companies conducting IT audit risk assessments ‑ particularly among organizations with revenues of $100 million - $999.99 million, there is still much room for improvement. Most notably, more than 30 percent of organizations with less than $100 million in annual revenues do not conduct any type of IT audit risk assessment.  

"Our findings also show that even when organizations do conduct IT audit risk assessments, they have some considerable gaps in their capabilities. Those gaps can be just as damaging as skipping an assessment," said David Brand, a Protiviti managing director and the firm's national IT audit leader. "For example, a majority of our respondents are understaffed, meaning less than 20 percent of their internal audit department is made up of IT audit staff."

Seventy-eight percent of survey respondents from companies with revenues greater than $1 billion see those gaps and have concerns that they may lack the necessary resources and skills to sufficiently address all areas of their IT audit plans. Examples of common gaps cited in the survey include limited ability to provide training for the IT audit team; not using outside resources to provide or augment IT audit capabilities; and lack of qualified IT audit professionals.

Additional Highlights

Other research findings of note include:

  • Sixty-five percent of organizations conduct their IT audit risk assessments on an annual basis, which may not be adequate to keep pace with the current rate of technology change and innovation.
  • Evaluating and assessing the IT governance process, as called for under The Institute of Internal Auditors Standard 2110.A2, is not a priority for organizations, regardless of size or region. On average, less than 30 percent of companies have complied with this standard, and less than one in three plans to do so within the next year.  

"Companies today face new IT-related risks and challenges every day," Brand said. "Internal auditors need to be more nimble than ever before and must constantly fine-tune their approach to the IT audit risk assessment to make a positive impact on their organizations."

Protiviti conducted its IT Audit Benchmarking Survey in the first and second quarters of 2012. Survey participants were comprised of more than 300 professionals worldwide, including chief audit executives, audit directors, and IT audit directors and managers. They responded to questions covering four categories:  IT audit in relation to the internal audit department; assessing IT risk; IT audit in relation to the internal audit department; and skills and capabilities. To learn more about the 2012 IT Audit Benchmarking Survey and obtain a complimentary copy of the report, please visit: www.protiviti.com/ITauditsurvey.

Podcast Available with Additional Survey Insights  
Protiviti has produced a podcast that offers David Brand's analysis and commentary about the findings in the survey. Please visit www.protiviti.com/podcasts to listen or download the complimentary podcast.

About Protiviti 
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through its network of more than 70 offices in over 20 countries, the firm has served more than 35 percent of FORTUNE® 1000 and Global 500 companies. Protiviti also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Protiviti is a wholly owned subsidiary of Robert Half International (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

 

SOURCE Protiviti

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
There are 66 million network cameras capturing terabytes of data. How did factories in Japan improve physical security at the facilities and improve employee productivity? Edge Computing reduces possible kilobytes of data collected per second to only a few kilobytes of data transmitted to the public cloud every day. Data is aggregated and analyzed close to sensors so only intelligent results need to be transmitted to the cloud. Non-essential data is recycled to optimize storage.
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settle...
SYS-CON Events announced today that SD Times | BZ Media has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and commercial UAV markets.
“We're a global managed hosting provider. Our core customer set is a U.S.-based customer that is looking to go global,” explained Adam Rogers, Managing Director at ANEXIA, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
In today's uber-connected, consumer-centric, cloud-enabled, insights-driven, multi-device, global world, the focus of solutions has shifted from the product that is sold to the person who is buying the product or service. Enterprises have rebranded their business around the consumers of their products. The buyer is the person and the focus is not on the offering. The person is connected through multiple devices, wearables, at home, on the road, and in multiple locations, sometimes simultaneously...
China Unicom exhibit at the 19th International Cloud Expo, which took place at the Santa Clara Convention Center in Santa Clara, CA, in November 2016. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE FDD, TD-LTE), fixed-line broadband, ICT, data communica...
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
IoT offers a value of almost $4 trillion to the manufacturing industry through platforms that can improve margins, optimize operations & drive high performance work teams. By using IoT technologies as a foundation, manufacturing customers are integrating worker safety with manufacturing systems, driving deep collaboration and utilizing analytics to exponentially increased per-unit margins. However, as Benoit Lheureux, the VP for Research at Gartner points out, “IoT project implementers often un...
SYS-CON Events announced today that Technologic Systems Inc., an embedded systems solutions company, will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Technologic Systems is an embedded systems company with headquarters in Fountain Hills, Arizona. They have been in business for 32 years, helping more than 8,000 OEM customers and building over a hundred COTS products that have never been discontinued. Technologic Systems’ pr...
SYS-CON Events announced today that IoT Now has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, discussed the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports.
SYS-CON Events announced today that Dataloop.IO, an innovator in cloud IT-monitoring whose products help organizations save time and money, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Dataloop.IO is an emerging software company on the cutting edge of major IT-infrastructure trends including cloud computing and microservices. The company, founded in the UK but now based in San Fran...