Protiviti IT Audit Study Analyzes Gaps in Companies' IT Audit Function and Risk Assessments

Protiviti IT Audit Study Analyzes Gaps in Companies' IT Audit Function and Risk Assessments

Survey also identifies top 10 IT challenges

MENLO PARK, Calif., Nov. 5, 2012 /CNW/ - Although companies continue to increase their investments in and dependency on IT resources, many aren't doing enough to protect themselves, according to a new survey from global consulting firm Protiviti (www.protiviti.com). The firm's 2012 IT Audit Benchmarking Survey (www.protiviti.com/ITauditsurvey) ? which also reveals the top 10 technology challenges businesses face ? finds that a significant number of organizations do not conduct any type of IT audit risk assessment, and a considerable number of companies that do conduct assessments have critical gaps in their IT audit capabilities.

(Logo: http://photos.prnewswire.com/prnh/20090115/AQTH541LOGO)

Protiviti's second edition of the IT Audit Benchmarking Survey analyzes some of the underlying IT audit trends and gaps evident in organizations today. In addition to data and analysis, the survey report also includes key questions for audit professionals to consider as they evaluate their own IT audit functions and capabilities.

"There's no question that IT risks can affect the bottom line. To succeed in today's business environment, it's absolutely critical for organizations to understand and manage IT risks that emerge with the rapidly escalating use of technology, and the best way to do that is with well-planned IT audit strategies and activities," said Brian Christensen, Protiviti's executive vice president of global internal audit. "We hope our survey results drive organizations to cast a more critical eye on their own IT audit strategy ? whether that means establishing a function or cultivating their IT audit team's experience and capabilities."

The Top 10 Technology Challenges The IT Audit Benchmarking Survey asked participants to weigh-in – through an open-ended question that required a write-in response – on the top technology challenges that organizations face today. The top issues from the perspective of IT audit, including information security, cloud computing, social media, and risk management and governance, are consistent with those commonly cited by C-level executives and IT organizations.

1. Information security (including data privacy, storage, and

management) 2. Cloud computing 3. Social media 4. Risk management and governance 5. Regulatory compliance 6. Technology integration and upgradation 7. Resource management 8. Infrastructure management 9. Fraud monitoring 10. Business continuity/disaster recovery

IT Audit Risk Assessments – Good and Bad News While this year's survey shows some improvement in regard to the number of companies conducting IT audit risk assessments ? particularly among organizations with revenues of $100 million - $999.99 million, there is still much room for improvement. Most notably, more than 30 percent of organizations with less than $100 million in annual revenues do not conduct any type of IT audit risk assessment.

"Our findings also show that even when organizations do conduct IT audit risk assessments, they have some considerable gaps in their capabilities. Those gaps can be just as damaging as skipping an assessment," said David Brand, a Protiviti managing director and the firm's national IT audit leader. "For example, a majority of our respondents are understaffed, meaning less than 20 percent of their internal audit department is made up of IT audit staff."

Seventy-eight percent of survey respondents from companies with revenues greater than $1 billion see those gaps and have concerns that they may lack the necessary resources and skills to sufficiently address all areas of their IT audit plans. Examples of common gaps cited in the survey include limited ability to provide training for the IT audit team; not using outside resources to provide or augment IT audit capabilities; and lack of qualified IT audit professionals.

Additional Highlights

Other research findings of note include:

    --  Sixty-five percent of organizations conduct their IT audit risk
        assessments on an annual basis, which may not be adequate to
        keep pace with the current rate of technology change and
        innovation.
    --  Evaluating and assessing the IT governance process, as called
        for under The Institute of Internal Auditors Standard 2110.A2,
        is not a priority for organizations, regardless of size or
        region. On average, less than 30 percent of companies have
        complied with this standard, and less than one in three plans
        to do so within the next year.

"Companies today face new IT-related risks and challenges every day," Brand 
said. "Internal auditors need to be more nimble than ever before and must 
constantly fine-tune their approach to the IT audit risk assessment to make a 
positive impact on their organizations."

Protiviti conducted its IT Audit Benchmarking Survey in the first and second 
quarters of 2012. Survey participants were comprised of more than 300 
professionals worldwide, including chief audit executives, audit directors, 
and IT audit directors and managers. They responded to questions covering four 
categories:  IT audit in relation to the internal audit department; assessing 
IT risk; IT audit in relation to the internal audit department; and skills and 
capabilities. To learn more about the 2012 IT Audit Benchmarking Survey and 
obtain a complimentary copy of the report, please visit: 
www.protiviti.com/ITauditsurvey.

Podcast Available with Additional Survey Insights    Protiviti has produced a 
podcast that offers David Brand's analysis and commentary about the findings 
in the survey. Please visit www.protiviti.com/podcasts to listen or download 
the complimentary podcast.

About Protiviti   Protiviti (www.protiviti.com) is a global consulting firm 
that helps companies solve problems in finance, technology, operations, 
governance, risk and internal audit. Through its network of more than 70 
offices in over 20 countries, the firm has served more than 35 percent of 
FORTUNE(®) 1000 and Global 500 companies. Protiviti also works with smaller, 
growing companies, including those looking to go public, as well as with 
government agencies.

Protiviti is a wholly owned subsidiary of Robert Half International (NYSE: 
RHI). Founded in 1948, Robert Half International is a member of the S&P 500 
index.

Protiviti is not licensed or registered as a public accounting firm and does 
not issue opinions on financial statements or offer attestation services.

NOTE TO EDITORS: Infographic of high-level survey results available in JPEG 
and PDF.

Kathy Keller, +1-650-234-6252, kathy.keller@protiviti.com

http://www.protiviti.com

http://photos.prnewswire.com/prnh/20090115/AQTH541LOGO

PRN Photo Desk, photodesk@prnewswire.com

SOURCE: Protiviti

To view this news release in HTML formatting, please use the following URL: 
http://www.newswire.ca/en/releases/archive/November2012/05/c5024.html

CO: Protiviti
ST: California
NI: CPR ELE NET FIN INS HEA ECOSURV ECO 

-0- Nov/05/2012 18:02 GMT