Monthly newsletter Weekly news roundup Breaking news notification    

UK boards lack real understanding of IT risks facing their companies

Get free weekly news by e-mailTechnology-related risks figure higher on the agenda of UK company boards than ever before but new research questions whether board members really have sufficient understanding of their organisation’s IT risks to address them adequately.

The research, carried out by PricewaterhouseCoopers LLP on behalf of The Institute of Internal Auditors - UK and Ireland, surveyed business leaders and heads of internal audit in a wide range of companies and public sector organisations on how they manage IT risk. It found that 98 percent of those companies see IT as strategically important to the future success of their business.

The report on the findings, ‘IT Risk – Closing the Gap’, points out that in 74 percent of organisations, IT-related risk, in particular the potential for complex projects to fail, has risen higher up the board agenda and 87 percent of senior management respondents say it is a major challenge to respond to the pace of change in IT.

At the same time, a clear majority (68 percent) of heads of internal audit surveyed believe boards do not understand the IT risks they face while an even greater proportion (74 percent) say they would like to provide more assurance over IT risk at a strategic level. This view is shared by a similar number of senior management respondents who feel boards are looking for more comfort and assurance than internal audit is currently providing.

The survey also highlighted a lack of mutual understanding between the board and the IT professionals over how to assess risk. Over a third of senior management respondents and almost half of internal audit heads feel IT professionals lack the ability to communicate IT risk and its potential business impact in a way that the board understands. This leads to the board having an incomplete picture of the IT risks faced by the organisation.

Well over a third of senior management respondents believe that internal audit departments, as they currently operate, lack the appropriate capabilities to provide the board with assurance over IT risks that it needs. Some heads of internal audit agree, suggesting they are well aware of the obstacles they face in providing effective assurance.

Read the complete report.

Date: 4th Sept 2007• Region: UK Type: Article •Topic: BC statistics
Rate this article or make a comment - click here

BC Journal



Copyright 2008 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help