Click here to close now.

Welcome!

SAP Authors: Elizabeth White, Liz McMillan, Plutora Blog, Carmen Gonzalez, Automic Blog

News Feed Item

Protiviti IT Audit Study Analyzes Gaps in Companies' IT Audit Function and Risk Assessments

Survey also identifies top 10 IT challenges

MENLO PARK, Calif., Nov. 5, 2012 /PRNewswire/ -- Although companies continue to increase their investments in and dependency on IT resources, many aren't doing enough to protect themselves, according to a new survey from global consulting firm Protiviti (www.protiviti.com). The firm's 2012 IT Audit Benchmarking Survey (www.protiviti.com/ITauditsurvey) ‑ which also reveals the top 10 technology challenges businesses face ‑ finds that a significant number of organizations do not conduct any type of IT audit risk assessment, and a considerable number of companies that do conduct assessments have critical gaps in their IT audit capabilities. 

(Logo: http://photos.prnewswire.com/prnh/20090115/AQTH541LOGO)

Protiviti's second edition of the IT Audit Benchmarking Survey analyzes some of the underlying IT audit trends and gaps evident in organizations today. In addition to data and analysis, the survey report also includes key questions for audit professionals to consider as they evaluate their own IT audit functions and capabilities.

"There's no question that IT risks can affect the bottom line. To succeed in today's business environment, it's absolutely critical for organizations to understand and manage IT risks that emerge with the rapidly escalating use of technology, and the best way to do that is with well-planned IT audit strategies and activities," said Brian Christensen, Protiviti's executive vice president of global internal audit. "We hope our survey results drive organizations to cast a more critical eye on their own IT audit strategy ‑ whether that means establishing a function or cultivating their IT audit team's experience and capabilities."

The Top 10 Technology Challenges
The IT Audit Benchmarking Survey asked participants to weigh-in – through an open-ended question that required a write-in response – on the top technology challenges that organizations face today. The top issues from the perspective of IT audit, including information security, cloud computing, social media, and risk management and governance, are consistent with those commonly cited by C-level executives and IT organizations. 

  1. Information security (including data privacy, storage, and management)
  2. Cloud computing
  3. Social media
  4. Risk management and governance
  5. Regulatory compliance
  6. Technology integration and upgradation
  7. Resource management
  8. Infrastructure management
  9. Fraud monitoring
  10. Business continuity/disaster recovery

IT Audit Risk Assessments – Good and Bad News
While this year's survey shows some improvement in regard to the number of companies conducting IT audit risk assessments ‑ particularly among organizations with revenues of $100 million - $999.99 million, there is still much room for improvement. Most notably, more than 30 percent of organizations with less than $100 million in annual revenues do not conduct any type of IT audit risk assessment.  

"Our findings also show that even when organizations do conduct IT audit risk assessments, they have some considerable gaps in their capabilities. Those gaps can be just as damaging as skipping an assessment," said David Brand, a Protiviti managing director and the firm's national IT audit leader. "For example, a majority of our respondents are understaffed, meaning less than 20 percent of their internal audit department is made up of IT audit staff."

Seventy-eight percent of survey respondents from companies with revenues greater than $1 billion see those gaps and have concerns that they may lack the necessary resources and skills to sufficiently address all areas of their IT audit plans. Examples of common gaps cited in the survey include limited ability to provide training for the IT audit team; not using outside resources to provide or augment IT audit capabilities; and lack of qualified IT audit professionals.

Additional Highlights

Other research findings of note include:

  • Sixty-five percent of organizations conduct their IT audit risk assessments on an annual basis, which may not be adequate to keep pace with the current rate of technology change and innovation.
  • Evaluating and assessing the IT governance process, as called for under The Institute of Internal Auditors Standard 2110.A2, is not a priority for organizations, regardless of size or region. On average, less than 30 percent of companies have complied with this standard, and less than one in three plans to do so within the next year.  

"Companies today face new IT-related risks and challenges every day," Brand said. "Internal auditors need to be more nimble than ever before and must constantly fine-tune their approach to the IT audit risk assessment to make a positive impact on their organizations."

Protiviti conducted its IT Audit Benchmarking Survey in the first and second quarters of 2012. Survey participants were comprised of more than 300 professionals worldwide, including chief audit executives, audit directors, and IT audit directors and managers. They responded to questions covering four categories:  IT audit in relation to the internal audit department; assessing IT risk; IT audit in relation to the internal audit department; and skills and capabilities. To learn more about the 2012 IT Audit Benchmarking Survey and obtain a complimentary copy of the report, please visit: www.protiviti.com/ITauditsurvey.

Podcast Available with Additional Survey Insights  
Protiviti has produced a podcast that offers David Brand's analysis and commentary about the findings in the survey. Please visit www.protiviti.com/podcasts to listen or download the complimentary podcast.

About Protiviti 
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through its network of more than 70 offices in over 20 countries, the firm has served more than 35 percent of FORTUNE® 1000 and Global 500 companies. Protiviti also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Protiviti is a wholly owned subsidiary of Robert Half International (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

 

SOURCE Protiviti

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
SYS-CON Events announced today that robomq.io will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. robomq.io is an interoperable and composable platform that connects any device to any application. It helps systems integrators and the solution providers build new and innovative products and service for industries requiring monitoring or intelligence from devices and sensors.
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
SYS-CON Events announced today that Litmus Automation will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Litmus Automation’s vision is to provide a solution for companies that are in a rush to embrace the disruptive Internet of Things technology and leverage it for real business challenges. Litmus Automation simplifies the complexity of connected devices applications with Loop, a secure and scalable cloud platform.
While not quite mainstream yet, WebRTC is starting to gain ground with Carriers, Enterprises and Independent Software Vendors (ISV’s) alike. WebRTC makes it easy for developers to add audio and video communications into their applications by using Web browsers as their platform. But like any market, every customer engagement has unique requirements, as well as constraints. And of course, one size does not fit all. In her session at WebRTC Summit, Dr. Natasha Tamaskar, Vice President, Head of Cloud and Mobile Strategy at GENBAND, will explore what is needed to take a real time communications ...
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, will provide some practical insights on what, how and why when implementing "software-defined" in the datacenter.
SYS-CON Events announced today that Solgenia will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Solgenia is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between Personal and Professional Social, Mobile and Cloud user experiences, our solutions help large and medium-sized organizations dr...
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, will discuss how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at the same time reduce Time to Market (TTM) by using plug and play capabilities offered by a robust I...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on Twitter at @MicroservicesE
After making a doctor’s appointment via your mobile device, you receive a calendar invite. The day of your appointment, you get a reminder with the doctor’s location and contact information. As you enter the doctor’s exam room, the medical team is equipped with the latest tablet containing your medical history – he or she makes real time updates to your medical file. At the end of your visit, you receive an electronic prescription to your preferred pharmacy and can schedule your next appointment.
Wearable technology was dominant at this year’s International Consumer Electronics Show (CES) , and MWC was no exception to this trend. New versions of favorites, such as the Samsung Gear (three new products were released: the Gear 2, the Gear 2 Neo and the Gear Fit), shared the limelight with new wearables like Pebble Time Steel (the new premium version of the company’s previously released smartwatch) and the LG Watch Urbane. The most dramatic difference at MWC was an emphasis on presenting wearables as fashion accessories and moving away from the original clunky technology associated with t...
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Raspberry Pi, BeagleBone, Spark and Intel Edison. You will also get an overview of cloud technologies s...
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
The WebRTC Summit 2015 New York, to be held June 9-11, 2015, at the Javits Center in New York, NY, announces that its Call for Papers is open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 16th International Cloud Expo, @ThingsExpo, Big Data Expo, and DevOps Summit.
SOA Software has changed its name to Akana. With roots in Web Services and SOA Governance, Akana has established itself as a leader in API Management and is expanding into cloud integration as an alternative to the traditional heavyweight enterprise service bus (ESB). The company recently announced that it achieved more than 90% year-over-year growth. As Akana, the company now addresses the evolution and diversification of SOA, unifying security, management, and DevOps across SOA, APIs, microservices, and more.
The list of ‘new paradigm’ technologies that now surrounds us appears to be at an all time high. From cloud computing and Big Data analytics to Bring Your Own Device (BYOD) and the Internet of Things (IoT), today we have to deal with what the industry likes to call ‘paradigm shifts’ at every level of IT. This is disruption; of course, we understand that – change is almost always disruptive.
SYS-CON Events announced today that SafeLogic has been named “Bag Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. SafeLogic provides security products for applications in mobile and server/appliance environments. SafeLogic’s flagship product CryptoComply is a FIPS 140-2 validated cryptographic engine designed to secure data on servers, workstations, appliances, mobile devices, and in the Cloud.
GENBAND has announced that SageNet is leveraging the Nuvia platform to deliver Unified Communications as a Service (UCaaS) to its large base of retail and enterprise customers. Nuvia’s cloud-based solution provides SageNet’s customers with a full suite of business communications and collaboration tools. Two large national SageNet retail customers have recently signed up to deploy the Nuvia platform and the company will continue to sell the service to new and existing customers. Nuvia’s capabilities include HD voice, video, multimedia messaging, mobility, conferencing, Web collaboration, deskt...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
SYS-CON Events announced today that Cisco, the worldwide leader in IT that transforms how people connect, communicate and collaborate, has been named “Gold Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Cisco makes amazing things happen by connecting the unconnected. Cisco has shaped the future of the Internet by becoming the worldwide leader in transforming how people connect, communicate and collaborate. Cisco and our partners are building the platform for the Internet of Everything by connecting the...
Temasys has announced senior management additions to its team. Joining are David Holloway as Vice President of Commercial and Nadine Yap as Vice President of Product. Over the past 12 months Temasys has doubled in size as it adds new customers and expands the development of its Skylink platform. Skylink leads the charge to move WebRTC, traditionally seen as a desktop, browser based technology, to become a ubiquitous web communications technology on web and mobile, as well as Internet of Things compatible devices.