42 percent of organisations rely on outside resources to augment their IT audit departments due to lack of right internal resources, according to a newly released survey from global consulting firm Protiviti.
The study, titled "From Cybersecurity to IT Governance - Preparing Your 2014 Audit Plan," shows that several internal audit functions are not performing IT audit risk assessments on a regular basis.
Many companies that are actually performing these assessments should be doing them more frequently.
One-third of companies with less than US $100 million in revenue are not conducting any type of IT audit risk assessment, and this will lead to several hazards in future.
"Based on the study, it's apparent that there is a tremendous gap between where most companies are and where they should be in terms of managing IT risk and strengthening governance and controls," said Brian Christensen, Protiviti executive vice president of global internal audit. "As audit plans are developed, these technology challenges should also be top-of-mind for internal audit."
Top technology-related challenges
The survey identifies IT security, IT governance, social media, cloud computing as the top technology-related challenges faced by organisations.
The number of IT audit directors who report to the CIO increased from 2012 to 2013 but the total number of organisations with this reporting relationship is low.
Protiviti says that allowing the IT department to audit itself may lead to disaster because this may decrease independence and objectivity of assessments for organisations.
Because every function of today's organisations is technology-dependent, Christensen suggests companies to overcome several challenges to ensure an efficient, secure IT environment.
"Although there are areas that clearly need attention, it's a good sign that more companies are working to implement IT governance policies and procedures," said David Brand, a Protiviti managing director and leader of the firm's IT Audit practice. "We have seen an uptick in the number of companies that are evaluating IT governance as part of their audit process."
Sign up for CIO Asia eNewsletters.