IT auditing on the rise but still lacking: survey

As IT becomes increasingly crucial to businesses, auditing for technology risks is struggling to catch up, leading to a disparity, according to international IT governance association ISACA and Protiviti, a global business consulting and internal audit firm.

In its fourth year, their joint study called the IT Audit Benchmarking Survey revealed that more than half of the largest public companies surveyed now have “a designated IT Audit Director or equivalent position within their organizations.” Almost half of them regularly attended audit committee meetings, a figure that the study says has doubled over the last three years.

On the flipside, audit committees have increased their functions to include IT risk assessment, with one in five reporting significant involvement.  This is a 6 per cent increase over last year.

“The common benchmark would be that 20 percent of your activity from an audit perspective should be focused on technology,” said David Brand, a Protiviti managing director and the firm’s global IT audit leader.  “Some would argue it should be higher depending on the nature of your business.”

Yet while these figures are encouraging, and the vast majority of businesses do IT risk assessment – as much as 89 per cent in North America – what is more revealing is the frequency at which they do this, Brand said.

Eighty-two percent of North American companies conduct these audits only semi-annually or less despite financial assessments likely taking place every quarter,

“There are still companies we run into where the management team views internal audit as an extension of external audit, in other words, they should only be financial risk,” Brand said.  “That is contrary to every accepted framework and guidance that comes from professional organizations.”

What’s worse, Brand added, is that it’s difficult to find people who are trained to have the skepticism of an auditor with the technological know-how of an IT professional. He says that this type of expertise still often takes a dual major or a graduate degree.  This demand for cross-disciplinary professionals was also identified by the survey, which indicated that, after security and privacy, the second biggest technology challenge to businesses is staffing and skills.

“Every single client I work with has open positions; they’re trying to hire IT auditors.  If you look at all of the external auditing firms, it’s one of the harder positions they have trouble [filling].”

What is driving the need is that companies are starting to realize that underneath traditional systems lie increasing amounts of technology, Brand said.

“The majority of regulations, if you peel back what they’re looking for, many of them have to do with collecting, summarizing, reporting on data that flows through the organization, and the company’s ability to do that,” he said.  “It really has a link to IT.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Dave Yin
Dave Yin
Digital Staff Writer at Computer Dealer News, covering Canada's IT channel.

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.