IT-related Risks to Worry About

Keeping up with the emergence of IT-related risks is a major challenge. Perhaps the greatest risk for the IT audit function is losing touch with what is happening, so that risks may emerge that are not addressed in the audit plan.

One way, perhaps the best way, is to persuade the IT function to monitor IT-related risks on a pretty continuous basis, and share the results of that risk identification and assessment program with the audit function.

Within the last week, a couple of statistics came across my screen:

  1. The majority of investments in cloud-based services are driven by end users and business managers. As a result, only 9% (according to an article in the April 2011 issue of Risk and Insurance) of cloud service providers are screened by security professionals within the company.
  2. A study conducted by CREDANT (British IT Research firm) revealed that in 2010 more than 14,000 USB sticks were left behind at 500 dry cleaners and laundromats across UK. Now the risk of people stealing information using USB sticks has been recognized for a long time. But I had not heard about the risk of accidental loss on such a scale as this.

How does your internal audit function keep up with technology-related risks?

Posted on May 11, 2011 by Norman Marks

Share This Article:    

Leave a Reply