Top 10 Technology Challenges for IT Audit Professionals – New Study from ISACA and Protiviti

Complexity of rapidly changing technology takes #1 spot in international IT audit survey

The top technology challenge faced by IT audit executives and professionals worldwide is to keep pace with emerging technology and infrastructure changes, including transformation, innovation and disruption, according to a new joint survey from global consulting firm Protiviti and ISACA, a global association for IT assurance, governance and cybersecurity professionals. In today’s dynamic and ever-changing business and technology environments, companies are challenged to manage an escalating volume of IT risks at the same rapidity with which they are presented—a task that must be mastered in order to ensure the well-being of a business. The fifth annual IT Audit Benchmarking Survey, titled A Global Look at IT Audit Best Practices, examines where IT audit functions stand in their capabilities to help management and the board of directors address these complex issues.

“Rapid change is the norm in today’s business environment. IT audit professionals have recognised the need to grow their knowledge and expertise while also updating their policies, processes, people and technology, all in order to arm themselves against the increasing challenges and threats presented by an ever-evolving technology landscape,” said David Brand, a Protiviti managing director and leader of the firm's global IT audit practice.

Top 10 Technology Challenges

In the new survey, 1,230 respondents worldwide shared their perceptions of top technology challenges currently facing their organisations. These challenges are consistent with current market activity and have deep interrelationships with each other. The top 10 list follows:

  1. Emerging technology and infrastructure changes ‑ transformation, innovation, disruption
  2. IT security and privacy/cybersecurity
  3. Resource/staffing/skills challenges
  4. Infrastructure management
  5. Cloud computing/virtualisation
  6. Bridging IT and the business
  7. Big data and analytics
  8. Project management and change management
  9. Regulatory compliance
  10. Budgets and controlling costs

Regulatory compliance and budgets/controlling costs have moved down significantly on the list compared to last year, indicating that other emerging areas are now top concerns for respondents.

Other Notable Takeaways from this Year’s Study

There are significant concerns about finding qualified resources and skills – Not only was this noted by respondents as one of today’s top IT challenges, but numerous results suggest that finding the right people with the right knowledge and skills for the right job remains an uphill battle.

Many IT audit reporting lines are still off the mark – Having the IT audit director report to the Chief Audit Executive (CAE) or an equivalent role is ideal, yet many organisations still have other reporting lines in place, bringing into question whether IT audit still falls under the “third line of defense” as an independent function.

IT audit risk assessments are an absolute must – There are small but meaningful numbers of companies that are not conducting any type of IT audit risk assessment. For these organisations, this is a significant risk given the cybersecurity threat environment. Other organisations are adhering to best practices by conducting these risk assessments more frequently.

IT Audit Still Off the Mark

According to the survey results, 60 per cent of the largest public companies surveyed have a designated IT Audit Director or equivalent position within their organisations, and yet, in half of all companies, these individuals do not attend audit committee meetings. Furthermore, many companies still have established reporting structures that are less than optimal. Having the IT Audit Director report to the CAE or equivalent is a best practice, yet 28 per cent of companies in North America and Asia use another, less ideal reporting line. This number is as high as 33 per cent in Latin America and 41 per cent in Europe.

"Organisations need to ensure that they address effective IT audit management through a number of controls, including treating IT and cybersecurity risks as strategic-level risks, operating as a truly independent and impartial function, and allotting the necessary resources and expertise, whether internal or external, to help the organisation identify and manage its IT risks effectively," said Christos Dimitriadis, international president of ISACA.

By definition, IT auditors work in collaboration with executive management, the board of directors, IT, legal, human resources and numerous other departments to help their organisations mitigate and control an escalating volume of IT risks that could cripple the enterprise.

On a positive note, the ISACA-Protiviti survey revealed a noticeable uptick in the frequency with which IT audit risk assessments are updated by organisations. However, the number of organisations conducting continual assessments still remains low – around 16 per cent for even the largest companies.

Globally, respondents cited COBIT as the most accepted industry framework on which the IT audit risk assessment is based, followed by COSO, ISO and ITIL. In practice, organisations may utilise a combination of these frameworks to complete their risk assessments.

About the Survey Report and Resources Available

The fifth annual IT Audit Benchmarking Survey consisted of a series of questions grouped into five categories: Today's Top Technology Challenges; IT Audit in Relation to the Internal Audit Department; Assessing IT Risks; Audit Plan; and Staff Skills and Capabilities. The survey report, along with an infographic and a short video, is available for complimentary download at www.isaca.org/2015itauditstudy and www.protiviti.com/ITauditsurvey.

Webinar on December 10

Key insights from the survey will be discussed by Brand, who will be joined by Bob Kress, managing director of Global IT Audit at Accenture, and Nancy Cohen, director of Privacy and Assurance Practices at ISACA, in a complimentary one-hour webinar on December 10, 2015 at 4:00 a.m. AEDT. Please register at www.protiviti.com/webinars.

About Protiviti

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 per cent of Fortune 1000® and 35 per cent of Fortune Global 500® companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Named to the 2015 Fortune 100 Best Companies to Work For® list, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

About ISACA

ISACA (www.isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.
