Not enough companies understand their IT risks, and this is leading to a remarkable amount of security breaches, failed risk assessments and other money-hemorrhaging problems. In an IT audit conducted by Protiviti, about 500 executives and professionals revealed that almost 1 in 4 did not conduct any sort of IT risk assessment, and 42% indicated they didn’t have the right resources to address specific areas of concern. As this article on Information Week India explains, it comes down to all the new risks from emerging technologies:
“There are simply too many risks associated with the pervasive use of technology including social media and mobile devices and not enough focus on identifying and managing those risks. Businesses have to get serious about addressing IT risks or they will fall victim to their own vulnerabilities. We hope that our survey data and insights will inspire organizations to take a hard look at the effectiveness of their IT audit function,” said Bob Hirth, Executive Vice President and Leader – Global Internal Audit and Financial Controls Practice.
The survey also reveals that smaller companies are less likely to have IT auditing at all, while mid-sized companies were likely to not have a designated IT audit director or someone who was in charge of assuring IT audits took place. Without having a standard process in place and someone who is in charge of overseeing that process, companies expose themselves to otherwise manageable risks.