To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39168530,00.htm

Businesses must do better on tech risk
It's a worrying trend, says KPMG...

By Tim Ferguson

Published: Friday 21 September 2007

A significant proportion of corporate audit departments are failing to address IT risk sufficiently, leaving businesses vulnerable and open to security threats.

Almost a third (30 per cent) of audit staff feel their audit committee doesn't spend enough time looking at IT risk, according to research by KPMG's Audit Committee Institute (ACI).

Read all about IT…

Check out the Editor's Blog for the silicon.com chief's take on the hot tech issues of the moment.

Half said they don't have oversight responsibility for business continuity, and more than half (55 per cent) said they don't have responsibility for auditing risk around information security and privacy.

Around one in five (21 per cent) said they don't have responsibility for any IT compliance or control issues.

In general, the survey showed nine out of 10 audit committee members feel at least some improvements need to be made with their oversight of IT risk issues.

Director of KPMG's ACI in the UK, Tim Copnell, said this is a worrying trend due to businesses' reliance on IT.

He added that if audit committees aren't paying sufficient attention to the IT risk then businesses could be unwittingly exposed.

Instead of IT, the top priorities for audit committee members are more general risk management, internal controls and accounting judgements.

The ACI survey covered 1,300 audit committee members in 25 countries.