Security Strategy

Boards underestimate tech risk

Execs struggle with pace of IT change...

By Tim Ferguson

Published: 5 September 2007 16:00 BST

Company executives are failing to address the IT risks facing their organisations despite the subject being higher up the boardroom agenda than ever before.

More than two thirds (68 per cent) of internal audit bosses believe their board isn't able to fully understand IT risks, according to research carried out by PricewaterhouseCoopers (PwC) for the Institute of Internal Auditors (IIA).

Some of the blame lies with the people who assess risk within organisations, who are failing to communicate effectively with the board on the issue.

The research found two thirds of internal audit departments are spending less than 20 per cent of their time reviewing IT risk.

PwC said boards don't have practical experience with IT and so don't fully understand the risks and opportunities that technology presents. Almost nine out of 10 (87 per cent) senior managers also said they find the pace of change in IT a major challenge. As a result, boardrooms have an incomplete view of IT risk for their business.

Grant Waterfall from risk assurance services at PwC said boardroom executives are looking for more assurance about IT as technology investment increases.

Gail Eastbrook, CEO of the IIA, said internal audit departments are well placed to respond to this problem if they can initiate discussions between the board and IT department.

But she added this means the skills base within the internal audit departments may need to be reassessed to improve engagement with the rest of the business.

The IT Risk - Closing the Gap report quizzed 250 senior executives, including CIOs and internal audit managers.
