Businesses must do better on tech risk

A significant proportion of corporate audit departments are failing to address IT risk sufficiently, leaving businesses vulnerable and open to security threats.

Almost a third (30 per cent) of audit staff feel their audit committee doesn't spend enough time looking at IT risk, according to research by KPMG's Audit Committee Institute (ACI).

Read all about IT…

Check out the Editor's Blog for the silicon.com chief's take on the hot tech issues of the moment.

Half said they don't have oversight responsibility for business continuity, and more than half (55 per cent) said they don't have responsibility for auditing risk around information security and privacy.

Around one in five (21 per cent) said they don't have responsibility for any IT compliance or control issues.

In general, the survey showed nine out of 10 audit committee members feel at least some improvements need to be made with their oversight of IT risk issues.

Director of KPMG's ACI in the UK, Tim Copnell, said this is a worrying trend due to businesses' reliance on IT.

He added that if audit committees aren't paying sufficient attention to the IT risk then businesses could be unwittingly exposed.

Instead of IT, the top priorities for audit committee members are more general risk management, internal controls and accounting judgements.

The ACI survey covered 1,300 audit committee members in 25 countries.