As ever in the technological world, the pace at which IT growth continues to rage on grows ever quicker. 2015 is set to be a similar story, with organisations striving to increase profitability, and naturally relying on IT infrastructure to help achieve that. With IT growth comes the need for auditing and best practice, however a recent study by global consulting firm Protiviti and global IT Association ISACA revealed that the gap between IT growth and the auditing of IT risks is also growing ever wider.
The survey was designed to examine how organisations are assessing the business and technology risks, and it represents over 1,300 IT professionals worldwide, with respondents giving their views on what they thought the top 10 IT challenges would be in 2015. These were revealed to be:
- IT security and privacy/cybersecurity
- Resource/staffing/skills challenges
- Emerging technology and infrastructure changes: transformation, innovation, disruption
- Regulatory compliance
- Budgets and controlling costs
- IT governance and risk management
- Big data and analytics
- Vendor, third-party and outsourcing risks
- Cloud computing/ virtualization
- Bridging IT and the business
This led David Brand, a Protiviti managing director and the firm’s global IT audit leader, to say, “We see some positive trends in our results, notably in the number of designated IT audit directors and their regular attendance at audit committee meetings. However, we also see significant gaps to be addressed, including the frequency with which IT audit risk assessments are conducted.”
“Companies cannot ignore the significant security and privacy risks that face their business today,” said Brand. “Based on the survey results, more organizations are recognizing the mission-critical nature of IT internal audit in combating these risks, yet many companies are simply not institutionalizing the processes needed to support this function.”
Importantly, globally respondents cited COBIT as the most accepted framework upon which audit risk assessment is based. Other popular choices were COSO, ISO and SOGP, however it is likely a mix of all of these frameworks presents a better solution. It is important then, that organisations offer staff the necessary training in order to learn about these frameworks in order to reduce risk. Brand goes on to say, “The lack of necessary skills can often predispose internal audit functions to focus on traditional areas where they have the capability to deliver, rather than the most critical, value-adding areas.”
We offer affordable and effective COBIT training for organisations. Our courses allow you to work at your own pace with the help of a tutor, with either 30 or 60 days online access. At the end of the course you will receive a COBIT 5 Foundation qualification, which will enable to your employees to better protect the organisation from the risks of IT Growth.