IT risk is 'audit blind spot'
Audit is weak when it comes to assessing and managing IT risks, a new report indicates
IT RISK is a blind spot for audit with many companies failing to assess and manage the threats presented by rapidly evolving technology, a new report has shown.
Almost 80% of European, Middle East and Asia-Pacific companies have not completed an evaluation of their IT governance process.
In 31%, line-of-business executives such as chief information officers have minimal involvement with risk assessment, although the number drops to 29% in North American companies.
Risk management consultancy Protiviti said internal audit functions also often fall short, failing to conduct an annual IT threat assessment and frequently lacking the necessary skills to carry out such appraisals.