The Wall Street Journal Risk & Compliance Journal: Survey Roundup: Properly Aligning the IT Audit Function
Date: December 9, 2015
A look at some recent surveys and reports dealing with risk and compliance issues. Send surveys and reports to firstname.lastname@example.org.
Reporting Report: A survey of 1,230 IT audit executives by consulting firm Protiviti and IT association Isaca found while 60% of the largest public companies surveyed have a designated IT audit director or equivalent position–in half the companies, these individuals don’t attend audit committee meetings. The report said while the best reporting line is for the IT audit director to report to the chief audit executive, 28% of companies in North America and Asia use another reporting line.
“Organizations need to ensure that they address effective IT audit management through a number of controls, including treating IT and cybersecurity risks as strategic-level risks, operating as a truly independent and impartial function, and allotting the necessary resources and expertise, whether internal or external, to help the organization identify and manage its IT risks effectively,” said Christos Dimitriadis, international president of Isaca.
Not So Thorough: A survey by Verified Volunteers of people who work for nonprofit corporations or who oversee volunteer programs said that 85% of organizations that perform background checks on volunteers found misdemeanor or felony convictions on 2% or fewer of their applicants—which indicates they may not be conducting very extensive checks.
Black Frauday: A report from data protection firm iovation of retail online transactions during the Black Friday shopping weekend found 1.1% of all online retail transactions during that period were fraudulent.
Not Safe Inside: A report from International Business Machines Corp. on insider threats found 32% of data breaches occur because of malicious activity by insiders, while 24% occur because of insider errors or failures to follow established procedures.
What Good Looks Like: A report from the Ethics & Compliance Initiative highlights the attributes of a high-quality ethics and compliance program.
Cloud Concerns: A survey of around 600 It professionals worldwide by IT auditing software firm Netwrix found 65% of respondents said they remain afraid of moving company data to the cloud because of security concerns, while 40% said they were worried about the loss of physical control over the data.
Practice For Imperfect: Crisis management consultancy Insignia is out with a paper looking at how companies can produce effective crisis simulations to improve reputational resilience.
Challenges Ahead: A report from law firm Baker McKenzie highlights seven compliance challenges in Latin America and what companies can do to overcome them.
Write to Ben DiPietro at email@example.com, and follow him on Twitter @BenDiPietro1.