Ineffective IT audit ‘leaves firms vulnerable to risk’
Posted on 20 April 2009
Companies could be leaving themselves vulnerable to “core business risks” because they are not undertaking regular IT audits, a new survey has found.
The poll of 297 finance professionals across Europe, the Middle East and Africa was conducted by professional services firm KPMG in association with the Institute of Internal Auditors and the Information Systems Audit and Control Association.
It found that only 16 per cent of respondents currently use rolling or quarterly planning for IT audits, while a further 25 per cent have no planning framework at all.
Over three-quarters (78 per cent) said they conduct their audit planning only on an annual basis.
KPMG said the need for more regular reviews has “never been greater”, given the vital role of technology in business and the high frequency of opportunities for deliberate sabotage.
Warren Middleton, the firm’s global head of IT internal audit, said: “It’s clear from our survey that IT internal auditors must position themselves at the heart of the business to ensure that the business and technology risks are well understood.”
