Audit committees ignoring IT risks
Almost half of internal audit chiefs believe audit committees don't challenge IT departments enough to gauge the risks facing their organisations, according to new research.
Almost half of internal audit chiefs believe audit committees don't challenge IT departments enough to gauge the risks facing their organisations, according to new research.
Link: Compliance with IFRS the UK’s biggest IT issue
A new survey found that 42% of heads of internal audit and 72% of chief information officers polled by Ernst & Young aren’t confident the audit committee is aware of the IT risks facing their organisations.
Erol Mustafa, partner at Ernst & Young who heads up IT internal audit services, said: ‘Today the audit committee must be prepared to not only discuss but confidently challenge the IT related threats, vulnerabilities and risks facing their business.’
‘Regulation, such as Sarbanes-Oxley and the future EU eighth directive, increases the need for audit committees to understand IT risks and implications for the business. Organisations must put greater focus on internal controls and governance structures.
‘IT controls failures or an inability to detect and resolve IT control issues can carry heavy operational, financial and reputational risks, particularly when those risks become public knowledge.’