A Global Look at IT Audit Best Practices 


Assessing the International Leaders in an ISACA/Protiviti Survey

Assessing the International Leaders in an Annual ISACA/Protiviti Survey

A Global Look at IT Audit Best PracticesISACA and Protiviti partnered to conduct the sixth annual IT Audit Benchmarking Survey. Conducted online, the global survey consisted of a series of questions grouped into six categories:

  • Emerging Technology and Business Challenges
  • IT Implementation Project Involvement
  • IT Audit in Relation to the Overall Audit Department
  • Risk Assessment
  • Audit Plan
  • Skills, Capabilities and Hiring

  Download Report (registration required, 4M)

  Provide feedback on this document

  View News Release


The IT audit function has never held a more crucial role. From substantial cybersecurity and privacy challenges to infrastructure management issues and the implementation of new technologies in the organization, IT auditors play a vital part:

  • helping to maintain security and effective controls
  • navigating a changing business environment and dynamic global marketplace
  • working closely with management and the board of directors

The results of the latest IT Audit Benchmarking Study from ISACA and Protiviti illustrate the increasingly integrated role IT audit leaders and professionals are assuming in regard to technology initiatives in their organizations. A majority have a significant or moderate level of involvement in major technology projects, including at the important planning stages. A majority of IT audit directors regularly attend audit committee meetings (a noteworthy change from just a few years ago).

Yet, as we explore in this report detailing the findings from this year’s survey, there is room for improvement in many areas. Most notably, a substantial percentage of IT audit functions report having minimal or no involvement in significant technology projects in the organization. And for those that are more involved, most of their efforts appear to be focused on the post-implementation stages rather than in planning, design or testing. This leads to a number of questions:

  • Why aren’t IT auditors involved earlier and more often in major technology projects?
  • More broadly, why are certain types of audits not performed?
  • Is lack of the right framework and/or the right IT audit talent and skills the primary issue?
  • Does IT audit have the necessary authorization from management and the board to become involved in these projects earlier and in greater detail?
  • Is IT audit building the appropriate relationships with management and line-of-business leaders to earn a seat at the table when critical technology projects are being planned and implemented?

In our report, we provide possible answers to these questions and guidance for IT audit leaders seeking to grow their function into a strategic partner for their organizations.

View Infographic
View Infographic


View past surveys

  2015 IT Audit Benchmarking Survey (registration required, 6M)

View Infographic
View 2015 Infographic


  2014 IT Audit Benchmarking Survey (registration required, 2.3M)

View Infographic
View 2014 Infographic