Boards underestimate tech risk

Company executives are failing to address the IT risks facing their organisations despite the subject being higher up the boardroom agenda than ever before.

More than two thirds (68 per cent) of internal audit bosses believe their board isn't able to fully understand IT risks, according to research carried out by PricewaterhouseCoopers (PwC) for the Institute of Internal Auditors (IIA).

Some of the blame lies with the people who assess risk within organisations but who are failing to communicate effectively with the board over the issue.

Read all about IT…

Check out the Editor's Blog for the silicon.com chief's take on the hot tech issues of the moment.

The research found two thirds of internal audit departments are spending less than 20 per cent of their time reviewing IT risk.

PwC said boards don't have practical experience with IT and so don't fully understand the risks and opportunities that technology presents. Almost nine out of 10 (87 per cent) senior managers also said they find the pace of change in IT a major challenge. As a result, boardrooms have an incomplete view of IT risk for their business.

Grant Waterfall from risk assurance services at PwC said boardroom executives are looking for more assurance about IT as technology investment increases.

Gail Eastbrook, CEO of the IIA, said internal audit departments are well placed to respond to this problem if they can initiate discussions between the board and IT department.

But she added this means the skills base within the internal audit departments may need to be reassessed to improve engagement with the rest of the business.

The IT Risk - Closing the Gap report quizzed 250 senior executives, including CIOs and internal audit managers.