IT Audit Survey

By Michael Castelluccio
March 1, 2017

Protiviti and ISACA (Information Systems Audit and Control Association) have released their sixth annual IT Audit Benchmarking survey. Noting that IT audit professionals have never been more essential given the challenges of cybersecurity, privacy, and changing infrastructure, the report questions the insufficient involvement of IT audit staff in technology projects.


More than 1,000 executives and professionals worldwide completed the questionnaire in the third and fourth quarters of 2016. Six categories were examined: emerging technologies, involvement in project implementation, the IT audit within the overall audit department, risk assessment, the audit plan, and skills and hiring.


Among the conclusions, cybersecurity and incident response capabilities ascended to the top of this year’s list of concerns of IT audit professionals and CIOs.


The second finding is that there is more executive-level interest in the IT audit. IT audit leaders are attending more audit committee meetings and often find themselves reporting directly to company CEOs. From the other side, chief audit executives are becoming more IT-literate and more involved in the IT audit function.


Although IT audit functions are still more frequently involved in the post-implementation stage, there’s an encouraging increase in involvement in the early stages of IT projects. But despite escalating risks, most companies still perform the IT risk assessments annually, or less often, rather than continually.


Download the 57-page report, A Global Look at IT Audit Best Practices, at http://protiviti.com/ITauditsurvey.




of IT audit directors regularly attend audit committee meetings.

Source: A Global Look at IT Audit Best Practices from ISACA and Protiviti.


Michael Castelluccio has been the technology editor for Strategic Finance for 26 years. His SF TechNotes blog is in its 23rd year. You can contact Mike at mcastelluccio@imanet.org.

0 No Comments
You may also like