Cyber security and privacy issues, along with infrastructure management and emerging technologies, rank as the top technology challenges organizations face today, according to a recently released survey report from Protiviti and ISACA.
The top-ranking technology challenges revealed are unlikely to surprise anyone. In today’s increasingly digital economy, IT auditors are more important than ever, and they need to be more effective in their roles to deliver on the expectations of the board and management.
The survey identified the following important trends:
• More executive-level interest in IT audit. A majority of IT audit leaders (55 percent) are attending audit committee meetings, and more audit committee members are taking interest in the IT audit risk assessment process. Many IT audit leaders report to the CEO directly.
• More chief audit executives are assuming leadership for the IT audit function. CAEs becoming more technology-literate is a positive trend that underscores the elevated status of the IT audit function.
• The majority of IT audit functions (71 percent) are now involved in major technology projects. However, disappointingly, much of that involvement is in the post-implementation stage.
As I review the survey findings, one word comes to my mind – opportunity. Several of this year’s top technology challenges are very strategic – emerging technologies, an evolving regulatory landscape, and difficulty in bridging the gap between IT and the business. IT auditors can – and are expected to – play an important role in all of these areas. To do so, they need to be well-positioned (both informed and involved) and have strong relationship skills that allow them to partner with their internal clients to deliver value on these strategic items.
Let me offer a couple of recommendations, based on the survey findings:
- Get Involved in large IT projects as early as possible. To deliver effective challenge, IT auditors need to be involved in their organizations’ significant technology projects in the early stages. This does not happen consistently, and opportunities to add value are often missed. Among large companies (those with revenue greater than US $5 billion), only 26 percent of IT audit functions have a significant level of involvement in major technology projects, while 45 percent have a moderate level of involvement. Almost two-thirds of respondents (65 percent) become involved in technology projects only in the post-implementation phase.
- Support the maturation of vendor management processes. This category was new to the survey this year, and it made the top 10 priorities list. Personally, I see vendor management as a critical challenge in the current business landscape, and I am a little surprised it didn’t rank even higher given the number of organizations that have embraced the cloud and are looking to reduce their internal IT footprint. The need for a mature vendor management program increases dramatically as more critical business processes and applications are supported by third parties. Internal and IT auditors should play a key role in determining the effectiveness of a company’s vendor management program.
At the end of the day, the Protiviti/ISACA study points to the importance of IT audit leaders being able to gain the trust of their internal clients. That trust is earned through delivering value and partnering to achieve common objectives. The result is a great opportunity for IT audit to prove itself as a key asset in supporting an organization’s achievement of its strategic objectives.