More than 1,000 executives and professionals worldwide completed the questionnaire in the third and fourth quarters of 2016. Six categories were examined: emerging technologies, involvement in project implementation, the IT audit within the overall audit department, risk assessment, the audit plan, and skills and hiring.

Among the conclusions, cybersecurity and incident response capabilities ascended to the top of this year’s list of concerns of IT audit professionals and CIOs.

The second finding is that there is more executive-level interest in the IT audit. IT audit leaders are attending more audit committee meetings and often find themselves reporting directly to company CEOs. From the other side, chief audit executives are becoming more IT-literate and more involved in the IT audit function.

Although IT audit functions are still more frequently involved in the post-implementation stage, there’s an encouraging increase in involvement in the early stages of IT projects. But despite escalating risks, most companies still perform the IT risk assessments annually, or less often, rather than continually.

Download the 57-page report, A Global Look at IT Audit Best Practices, at



of IT audit directors regularly attend audit committee meetings.

Source: A Global Look at IT Audit Best Practices from ISACA and Protiviti.


About the Authors