2014 IT audit survey results released by Protiviti, a consulting firm, provided some perspective on where some healthcare organizations are at the moment in IT auditing, including security, and strengthening governance and controls, and the level in which they’re managing IT risk.
The vendor’s third-annual IT audit benchmarking study, titled From Cyber security to IT Governance – Preparing Your 2014 Audit Plan, more than 460 IT audit executives and professionals were surveyed, including 6 percent of healthcare providers and 3 percent payers. Some of the top technology challenges identified include IT security, IT governance, vendor management, big data analytics and cloud computing, among others. IT security, including data security, cyber security and mobile security, was the number one challenge for the second consecutive year.
Following are the key findings from the report:
- Organizations should be looking to expand IT audits as one component of a broadening net of assurance to evaluate the design and operating effectiveness of management’s security risk assessment, system of controls and monitoring of the environment.
- Organizations do not have adequate IT audit resources, and these resources are not always a formal part of the audit group.
- Not enough companies are performing IT audit risk assessments on a regular basis, nor are they updating these assessments as frequently as they should. As a result, IT components aren’t being sufficiently reviewed.
- Strong IT governance and controls are a priority across all industries.
Brian Christensen, Protiviti executive vice president of global internal audit in the press release said “In today’s organizations, virtually every function is technology-dependent, which means companies face a greater number of challenges to ensure an efficient, secure IT environment. Based on the study, it’s apparent that there is a tremendous gap between where most companies are and where they should be in terms of managing IT risk and strengthening governance and controls. As audit plans are developed, these technology challenges should also be top-of-mind for internal audit.”
Some of the numbers suggest that there needs to be improvement in the different industries. According to the report, 42 percent of organizations reported that they rely on outside resources to augment their IT audit departments because they lack the appropriate internal resources to fully assess potential risks. And one-third of companies with less than $100 million in revenue do not conduct any type of IT audit risk assessment.
David Brand, a Protiviti managing director and leader of the firm’s IT Audit practice said “Although there are areas that clearly need attention, it’s a good sign that more companies are working to implement IT governance policies and procedures. We have seen an uptick in the number of companies that are evaluating IT governance as part of their audit process”.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.