6th Annual IT Audit Benchmarking Survey
A Global Look at IT Audit Best Practices – Assessing the International Leaders in an Annual ISACA Protiviti Survey
The IT audit function has never held a more crucial role. From substantial cybersecurity, privacy and infrastructure challenges and management issues to the implementation of new technologies in the organisation, IT auditors work closely with management and the board of directors to fulfil a vital role in helping maintain an effective control environment amid a changing business climate and dynamic global marketplace.
The results of the latest IT Audit Benchmarking Study from ISACA and Protiviti illustrate the increasingly integrated role IT audit leaders and professionals are assuming in regard to technology initiatives in their organisations. A majority have a significant or moderate level of involvement in major technology projects, including at the important planning stages. A majority of IT audit directors regularly attend audit committee meetings (a noteworthy change from just a few years ago). Yet, as we explore in this report, there is room for improvement in many areas. Most notably, a substantial percentage of IT audit functions report having minimal or no involvement in significant technology projects in the organisation. And for those that are more involved, most of their efforts appear to be focused on the post-implementation stages rather than in planning, design or testing.
Why aren’t IT auditors involved earlier and more often in major technology projects? More broadly, why are certain types of audits not performed? Is lack of the right framework and/or the right IT audit talent and skills the primary issue? Does IT audit have the necessary authorisation from management and the board to become involved in these projects earlier and in greater detail? Is IT audit building the appropriate relationships with management and line-of-business leaders to earn a seat at the table when critical technology projects are being planned and implemented? In our report, we provide possible answers to these questions and guidance for IT audit leaders seeking to grow their function into a strategic partner for their organisations.
- Cybersecurity is viewed as the top technology challenge
- There appears to be more executive-level interest in IT audit
- More CAEs are beginning to carry leadership for IT audit directly
- Most IT audit shops have significant or moderate level of involvement in key technology projects
- Most perform IT audit risk assessments, though a majority do so annually or less frequently
Top Technology Challenges
- IT security and privacy/cybersecurity
- Infrastructure management
- Emerging technology and infrastructure changes – transformation, innovation, disruption
- Resource/staffing/skills challenges
- Regulatory compliance
- Budgets and controlling costs
- Cloud computing / virtualisation
- Bridging IT and the business