No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

Protiviti and ISACA Study Reveals Disparity Between Growth of IT in Business and Auditing of IT Risks

by Corporate Compliance Insights
November 19, 2014
in GRC Vendor News
Protiviti and ISACA Study Reveals Disparity Between Growth of IT in Business and Auditing of IT Risks

Survey highlights the evolving role of IT audit professionals

MENLO PARK, Calif., Nov. 19, 2014 – Although organizations have made strides in establishing best practices for the IT audit function, many are struggling to keep pace with global IT risks amid rapidly changing technology environments, according to a joint survey from global consulting firm Protiviti and global IT association ISACA. The fourth annual IT Audit Benchmarking Survey examines how organizations are assessing and mitigating critical business and technology risks. The global survey reflects the sentiments of more than 1,300 IT audit executives and professionals worldwide.

“Concerns over cybersecurity, industry disruptors and regulatory compliance have moved many organizations, and audit committees in particular, to become more engaged in the IT audit function,” said David Brand, a Protiviti managing director and the firm’s global IT audit leader. “We see some positive trends in our results, notably in the number of designated IT audit directors and their regular attendance at audit committee meetings. However, we also see significant gaps to be addressed, including the frequency with which IT audit risk assessments are conducted.”

Top Technology Challenges

In the survey, respondents provided their views on the top technology challenges faced by their organizations today. These challenges serve as an undercurrent for most of the findings in the study. The top 10 global IT challenges are:

 

  1. IT security and privacy/cybersecurity
  2. Resource/staffing/skills challenges
  3. Emerging technology and infrastructure changes: transformation, innovation, disruption
  4. Regulatory compliance
  5. Budgets and controlling costs
  6. IT governance and risk management
  7. Big data and analytics
  8. Vendor, third-party and outsourcing risks
  9. Cloud computing/ virtualization
  10. Bridging IT and the business

 

“Companies cannot ignore the significant security and privacy risks that face their business today,” said Brand. “Based on the survey results, more organizations are recognizing the mission-critical nature of IT internal audit in combating these risks, yet many companies are simply not institutionalizing the processes needed to support this function.”

 

Establishing Organization-Wide Support for IT Audit

According to the survey, more than half of the largest public companies surveyed have a designated IT Audit Director or equivalent position within their organizations, and 48 percent reported that these individuals regularly attend audit committee meetings – a number that has doubled over the past three years. Additionally, respondents indicated that their audit committees have increased their involvement in the IT risk assessment process, with 20 percent reporting significant involvement as compared to 14 percent in 2013.

 

“The increased resources and attention to IT audit is a positive sign that companies of all sizes around the world are recognizing the significant benefits of this critical function,” said Robert E. Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “Even though organizations have different goals and operate in different marketplaces, there are many common pain points and risks, such as fraud, cybersecurity incidents, rising costs, project success/failure, outsourcing issues and regulatory requirements that can be addressed with effective IT audit management.”

 

Small Gains in IT Audit Risk Assessments

The ISACA/Protiviti survey reveals a modest uptick in the number of organizations that update their IT audit risk assessment on a continual basis. However, this number still remains low – around 15 percent – for even the largest companies.

 

“Most of these organizations are updating their IT audit risk assessments only once a year,” added Brand. “Leading companies are tackling this project once a quarter, and although we expected more companies to follow suit, it has not been the case. Consider that new IT risks are emerging constantly. The most streamlined way to anticipate and counter these risks is through a formal update of the IT audit risk assessment.”

 

Additional Highlights

Other research findings of note include:

  • Globally, respondents cited COBIT as the most accepted industry framework on which the IT audit risk assessment is based, followed by COSO, ISO and SOGP. In practice, organizations may utilize a combination of these frameworks to complete their risk assessments.
  • Across every region and size of respondent organization, lack of resources ranks as the top reason why companies are using outside resources to augment their IT audit skills – and in fact, the percentages are very consistent. These findings are also in line with the top technology challenges outlined above.

 

“Leveraging the right skills and IT audit specialists is imperative to ensure a truly risk-based approach that’s relevant to the IT challenges facing organizations today,” said Brand. “The lack of necessary skills can often predispose internal audit functions to focus on traditional areas where they have the capability to deliver, rather than the most critical, value-adding areas.”

 

 

About the Report

Protiviti and ISACA conducted the fourth annual IT Audit Benchmarking Survey during the third quarter of 2014. This global survey includes insights from 1,330 IT audit leaders across the globe, including chief audit executives, IT audit vice presidents and directors. The survey consisted of a series of questions grouped into five categories: Today’s Top Technology Challenges, IT Audit in Relation to the Internal Audit Department, Assessing IT Risks, Audit Plan and Skills and Capabilities.

 

The survey report, an infographic highlighting key results and a short video are available for complimentary download at www.protiviti.com/ITauditsurvey and www.isaca.org/2014ITauditstudy.

Webinar and Podcast

Key insights from the survey will be discussed by Protiviti’s David Brand and ISACA’s Director of Privacy and Assurance Practices Nancy Cohen in a complimentary webinar on December 2, 2014 at 10:00 a.m.PST. Please register at www.protiviti.com/webinars. Additionally, Protiviti has produced a podcast featuring Protiviti’s Brand and ISACA’s Stroud. Please visit www.protiviti.com/podcasts to listen or download the complimentary podcast.

 

About Protiviti

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 40 percent of FORTUNE 1000® and FORTUNE Global 500® companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

 

Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

 

About ISACA

With more than 115,000 constituents in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus™, a comprehensive set of resources for cybersecurity professionals, and COBIT®, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) credentials. The association has more than 200 chapters worldwide.


Previous Post

Understanding and Reducing Business Travel Risks for Employees

Next Post

Corruption, Risk and Business Strategy. Which One Manages the Others?

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

blocks representing business ownership

Corporate Transparency Rollback Would Be Bad for Business

by Jamie A. Schafer
May 23, 2025

FinCEN’s ill-conceived interim rule will prolong uncertainty for businesses and further damage America’s standing abroad

Kovr 2F Partnership

Kovr.ai Partners With Second Front Systems for Government Software Accreditation

by Corporate Compliance Insights
May 22, 2025

Kovr.ai and Second Front Systems have partnered to automate software accreditation processes for government agencies through a combined platform that...

SolidusLabs Launch

Solidus Labs Launches AI Agent for Trade Surveillance

by Corporate Compliance Insights
May 22, 2025

Solidus Labs has launched an agentic AI system for trade surveillance workflows at financial institutions. The New York-based firm's platform,...

TrustCloud Funding

TrustCloud Raises $15M

by Corporate Compliance Insights
May 22, 2025

Security assurance platform TrustCloud has raised $15 million in strategic funding led by ServiceNow Ventures. Cisco Investments, Presidio Ventures, OpenView...

Next Post
Corruption, Risk and Business Strategy. Which One Manages the Others?

Corruption, Risk and Business Strategy. Which One Manages the Others?

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights