Study Reveals Widening Gap of IT Risk Auditing

As ever in technology, the pace of IT growth keeps accelerating. 2015 is set to be no different, with organisations striving to increase profitability and naturally relying on their IT infrastructure to help achieve it. With IT growth comes the need for auditing and best practice, yet a recent study by the global consulting firm Protiviti and the global IT association ISACA found that the gap between IT growth and the auditing of IT risk is also widening.

The survey was designed to examine how organisations assess business and technology risk. It draws on responses from over 1,300 IT professionals worldwide, who gave their views on what they expected the top 10 IT challenges of 2015 to be. These were:

  1. IT security and privacy/cybersecurity
  2. Resource/staffing/skills challenges
  3. Emerging technology and infrastructure changes: transformation, innovation, disruption
  4. Regulatory compliance
  5. Budgets and controlling costs
  6. IT governance and risk management
  7. Big data and analytics
  8. Vendor, third-party and outsourcing risks
  9. Cloud computing/virtualization
  10. Bridging IT and the business

This led David Brand, a Protiviti managing director and the firm’s global IT audit leader, to say, “We see some positive trends in our results, notably in the number of designated IT audit directors and their regular attendance at audit committee meetings. However, we also see significant gaps to be addressed, including the frequency with which IT audit risk assessments are conducted.”

“Companies cannot ignore the significant security and privacy risks that face their business today,” said Brand. “Based on the survey results, more organizations are recognizing the mission-critical nature of IT internal audit in combating these risks, yet many companies are simply not institutionalizing the processes needed to support this function.”

Importantly, respondents worldwide cited COBIT as the most widely accepted framework on which to base an audit risk assessment. Other popular choices were COSO, ISO and SOGP, and in practice a combination of these frameworks is likely to serve an organisation better than any one alone. It is important, then, that organisations give staff the training they need to learn these frameworks and so reduce risk. Brand goes on to say, “The lack of necessary skills can often predispose internal audit functions to focus on traditional areas where they have the capability to deliver, rather than the most critical, value-adding areas.”

We offer affordable and effective COBIT training for organisations. Our courses let you work at your own pace with the support of a tutor, with either 30 or 60 days of online access. On completing the course you receive the COBIT 5 Foundation qualification, which will enable your employees to better protect the organisation from the risks that come with IT growth.
