Are You Tired Of Throwing Money At A Mediocre IT Company?
We Can Help.
Businesses in New Hampshire should be aware of IT risks they have. Does your business do an IT risk assessment as often as needed?
IT has become an important, if not the most important, department in most companies in New Hampshire as they continue to increase their budgets and dependency on technological resources. However, many of these same companies aren’t doing near enough to protect themselves and their proprietary data according to a survey by Protiviti, a global consulting firm.
The firm’s 7th Annual IT Audit Benchmarking Survey revealed the top tech challenges facing businesses right now, and found that numerous companies don’t conduct any type of risk assessment for their IT departments, and a significant number of organizations that do conduct these assessments have crucial gaps in their audit capabilities.
This edition of the IT Audit Benchmarking Survey takes a look at some trends and gaps underlying their findings. The survey results report includes analysis, data, and critical questions for IT audit professionals to examine as they evaluate IT audit capabilities and functions in their own businesses.
Protiviti’s executive vice president of global internal audit, Brian Christensen, has said that there is no question that IT risks can easily affect the bottom line in any organization. In today’s business environment, success requires that companies prioritize the critical understanding and management of IT risks that are emerging with the quickly escalating use of technology. The best way to act on these risks is with periodic planned IT audit activities and strategies.
The survey asked participants to give their opinions, via an open-ended question requiring a written response, on the most important technology challenges facing companies and organizations today. These top issues are consistent with those commonly stated by IT organizations and C-level executives, and they are from the view of an IT audit which includes cloud computing, information security, risk governance and management, and social media.
This year’s survey does show some improvement in regard to the number of businesses that conduct IT risk assessments especially in corporations with revenues of $100 million to $999 million, there is plenty of room for companies to improve according to Protiviti. The most notable data reveals that more than 20 percent of corporations with less that $100 million in revenues annually, don’t conduct IT audit risk assessments of any kind.
David Brand, one of Protiviti’s managing directors, has said that these findings show that even when businesses conduct their IT audit risk assessments that they have several sizable gaps in their capabilities. Having these gaps can often be as damaging to corporations as not doing any assessment at all. As one example, a majority of respondents to the survey are understaffed which means that less than 20 percent of their inside audit department consists of trained IT audit personnel. A majority of respondents from businesses with revenues higher than $1 billion are aware of these gaps and are concerned that they don’t have the necessary personnel with skills to completely address every area of their IT audit plans. Some examples of routine gaps discussed in the survey include lack of qualified IT professionals, limited capability to provide critical training for their IT audit team, and not using any outside resources to augment or provide IT audit functions.
Protiviti’s results show that at least 65 percent of companies do conduct their own IT audit risk assessments on a yearly basis, but that might not be adequate to keep up with the changes and innovations that are being adopted in the tech field.
Assessing and evaluating the process of IT governance which is recommended under the Internal Auditors Standard 2110.A2 isn’t a priority for some companies no matter where they are located. The number of businesses that have complied with this recommendation has grown, but is still not enough to stay secure from the malware that is evident in the global arena.