TechnologyTechnology – crossed wires trigger IT failure

Technology - crossed wires trigger IT failure

Audit committees and IT departments are failing to communicate effectively, according to a new report from Ernst & Young, seriously undermining risk-management capabilities.

A communication gap between audit committees and IT departments in the UK could threaten the ability of business to manage risk effectively, according to a new report by Ernst & Young.

The survey of heads of internal audit and CIOs, found that only 28% of CIOs thought their audit committee was sufficiently aware of IT risks, and just 34% felt the committee spent enough time discussing the subject.

Erol Mustafa, head of internal audit services at Ernst & Young, said: ‘Today the audit committee must be prepared to, not only discuss, but robustly challenge the IT-related threats and risks facing their business.’

Accuracy and security of data have become vital for businesses as they deal with new international financial reporting standards and face up to internal controls requirements, plus tough new regulation in the form of Sarbanes-Oxley.

But only half of internal audit heads think the audit committee is adequately aware of the IT risks facing their organisation or spend enough time addressing IT issues, while 82% of CIOs admitted their businesses were experiencing a period of significant operational and systems-related change.

‘Regulation such as Sarbox and the future EU Eighth Directive increases the need for audit committees to understand IT risks and implications for the business,’ said Mustafa. ‘Organisations must put greater focus on internal controls and governance structures. IT controls failures can carry heavy operational, financial and reputational risks, particularly when those risks become public knowledge.’

Just half of the heads of internal audit questioned involve their audit committees in developing their IT audit plan, however 86% do involve them in final approval. The report suggested that the IT internal auditor could have a vital role to play in providing the committee with education and knowledge to support its members.

Mustafa commented: ‘An IT internal auditor must have an understanding of IT, but also of audit and be able to communicate in a business sense.’

There is also a dearth of qualified individuals able to carry out an IT audit. Few mainstream auditors have the necessary skills to conduct complex IT reviews, the report claimed, and few IT personnel have the knowledge in IT controls. However, 72% of heads of internal audit expect resources for IT auditing to remain static or decline in the next 12 months.

‘There is a shortage of individuals with the relevant IT risk and control skills and experience,’ Mustafa said.

Related Articles

Is predictive analytics the end of the annual audit?

Audit Is predictive analytics the end of the annual audit?

3d Martin Herron, MHA MacIntyre Hudson
Cybersecurity webinar: how protected are you and your data?

Security Cybersecurity webinar: how protected are you and your data?

7d Emma Smith, Managing Editor
Back to the Future: why financial transformation just hasn’t happened

Technology Back to the Future: why financial transformation just hasn’t happened

1w Workday | Sponsored
GDPR: Don’t forget the human touch

Security GDPR: Don’t forget the human touch

2w Neil Patrick, Director of GRC and Centre of Excellence EMEA for SAP
5 key tech innovations helping accountants transform their businesses

Accounting Software 5 key tech innovations helping accountants transform their businesses

3w Heather Darnell, Founder of Ask the BOSS
HMRC scaling back digital projects to ‘release project capability to EU Exit work’

Brexit HMRC scaling back digital projects to ‘release project capability to EU Exit work’

3w Alia Shoaib, Reporter
What is the role of governance, compliance, and control in financial transformation?

Corporate Governance What is the role of governance, compliance, and control in financial transformation?

4w Workday | Sponsored
Grant Thornton joins with Immersive Labs to increase cyber talent

Career Grant Thornton joins with Immersive Labs to increase cyber talent

1m Lucy Skoulding, Reporter