A majority of large global companies (55 percent) only conduct an IT audit risk assessment on an annual or even less-frequent basis.
New research from Provtiviti and ISACA discovered that cyber-security and privacy issues, along with infrastructure management and emerging technology, rank as the top technology challenges that organisations face today.
Other top technology or business challenges that the surveyed organisations face today are resource/staffing/skills challenges, regulatory compliance, budgets and controlling costs, cloud computing/virtualisation, bridging IT and the business, project management and change management and finally, third-party/vendor management.
The research analysed responses from 1062 global IT audit and internal audit leaders and professionals and found that IT audit is becoming more involved in major technology implementation projects within organisations.
With a growing number of IT audit leaders reporting directly to the CEO (26 percent in Europe and 13 percent in North America), there is an increasing interest in C-level IT audit.
Twenty-six percent of IT audit functions have a significant level of involvement in major technology projects, while 45 percent have a moderate level of involvement. IT audit is most frequently involved in the post-implementation stages (65 percent).
In a majority of organisations (55 percent), the IT audit director regularly attends audit committee meetings.
“Seeing greater involvement by IT audit in significant technology projects is a positive trend, especially considering the dynamic nature of technology and critical risks related to security and privacy. This is also notable because a substantial percentage of IT projects tend to run over budget and behind schedule and fail to achieve the desired objectives. Having IT audit bring a mindset of risk and control to these projects can be highly advantageous,” said Christos Dimitriadis, PhD, CISA, CRISC, chair of ISACA's board of directors and group director of information security for INTRALOT.
“We believe there is an opportunity for organisations to derive the most value from their major IT projects by engaging IT audit earlier rather than downstream in the projects. With a solid foundation of assurance on the front end, organisations can have the confidence they need to be innovative and fast-paced in pursuit of their business goals,” Dimitriadis said.