An IT audit benchmarking survey by consulting firm Protiviti has found that many organisations, including one in four with revenues of up to $1bn, have not conducted any kind of IT audit risk assessment. In addition, 42 per cent of respondents acknowledged that there were specific parts of their IT audit plans that they could not address properly owing to a lack of resources and expertise.
The survey confirmed that the smaller the company, the less likely it was to have an IT audit function: 43 per cent of companies turning over less than $100m a year had no such department. Of organisations with annual revenues of $100m to $1bn, 82 per cent did not have a designated IT audit director or an equivalent role.
Protiviti also found that nearly 70 per cent of North American companies and nearly 80 per cent of companies in Europe, Africa and Asia had not completed an evaluation and assessment of their IT governance process, as outlined in the IIA’s standard 2110.A2.
Mark Peters, UK director at Protiviti, said: “If an internal audit function is not thinking about IT governance, IT risks and conducting an IT risk assessment, it should be. The increased use of, and demand for, technology and data compel companies to review how they are used and the risks this creates.”
For more information about the survey, visit bit.ly/qH2pxF