Protiviti researches most Cos. unable to manage IT risks

According to a new survey from Protiviti, a majority of companies still do not place enough emphasis on understanding and addressing their IT risks despite businesses' overwhelming reliance on technology and a continuing increase in information security breaches. Results from the firm's 2011 IT Audit Benchmarking Survey reveal that many organizations, including one in four with revenues up to $1 billion, are not conducting any kind of IT risk assessment. 42 percent of organizations acknowledge there are specific parts of their IT audit plans that they cannot address sufficiently due to a lack of resources and expertise.

Protiviti's inaugural IT Audit Benchmarking Survey seeks to analyze some of the many underlying IT audit trends and gaps evident in organizations today. In addition to data and analysis, the survey report also includes key questions for audit professionals to consider as they evaluate their own IT audit functions.

Bob Hirth, Protiviti Executive VP & Leader of the firm's global internal audit & financial controls practice said, "There are simply too many risks associated with the pervasive use of technology ‑ including social media and mobile devices ‑ and not enough focus on identifying and managing those risks. Businesses have to get serious about addressing IT risks or they will fall victim to their own vulnerabilities. We hope that our survey data and insights will inspire organizations to take a hard look at the effectiveness of their IT audit function."

David Brand, Managing Director & National IT Audit Leader, Protiviti said, "If an organization or internal audit function is not thinking about IT governance, IT risks and specifically IT risk assessment, it should be. The increased use of and demand for technology and data compel companies to review how these technologies are being leveraged and the risks they are creating."