Archive for the 'IT Audit' Category

Ernst & Young 2008 Global Information Security Survey

The latest release of the “Ernst & Young Global Information Security Survey” shows that a growing number of organisations recognise the link between information security and a strong brand / reputation. It covered nearly 1400 senior executives in over 50 countries, and it strongly indicates that a security incident would have a greater impact on reputation and brand than on revenues. Considering the previous results and my experience, it seems that the major drivers of information security spend are shifting from compliance to brand protection.

More importantly, it suggests that spending on information security is set to increase. However, I think there will be major cutbacks in a number of existing areas and the same money will be re-channelled with more robust monitoring of the bottom line.

The survey can be found here.


10th Global Information Security Survey by Ernst & Young

The 10th Annual Ernst & Young Global Information Security Survey has been released and it reveals that companies are still failing to implement a holistic approach towards Information Security as the security function remains too isolated from executive management and the strategic decision-making process.

Below are highlights of the survey results:

- Meeting business objectives is a growing focus of information security.
- Information security is now more integrated into overall risk management.
- Information security remains isolated from executive management and the strategic decision-making process.
- Improving IT and operational efficiency are emerging as important objectives.
- Compliance continues to be the primary driver of information security improvements.
- Privacy and data protection have become increasingly important drivers of information security.
- Organisations rely on audits and self-assessments to evaluate the effectiveness of their information security programs.
- Organisations are demanding more from vendors and business partners in managing third-party relationships.
- The greatest challenge to delivering information security projects continues to be the availability of experienced IT and information security resources.

Click here to download the survey.

Strategic Business Risk: 2008 — The Top 10 Risks for Global Business

Ernst & Young has released a report that identifies the top 10 strategic risks for global business by analysing top risks by major sectors. The top 10 strategic business risks are:

1. Regulatory and compliance risk
2. Global financial shocks
3. Aging consumers and workforce
4. The inability to capitalize on emerging markets
5. Industry consolidation/transition
6. Energy shocks
7. Execution of strategic transactions
8. Cost inflation
9. Radical greening
10. Consumer demand shifts

The detailed sector-specific plotting of risks and the report can be downloaded here.

PwC releases Internal Audit 2012

A few months ago PwC released a study titled “Internal Audit 2012* – A study examining the future of internal auditing and the potential decline of a controls-centric approach”.

Five key trends were identified as:
1. Globalisation
2. Changing internal audit roles
3. Changes in risk management
4. Talent and organisational issues
5. Technological advancement

Also, ten (10) imperatives were suggested to provide the foundation for a high-performance Internal Audit function in the years to come. They are:
1. Achieve sufficient strategic stature for internal audit within the organisation.
2. Develop and regularly update a formal strategic plan aligned with key enterprise-wide objectives and stakeholder expectations.
3. Communicate frequently with key stakeholders on their needs, expectations, and satisfaction with internal audit.
4. Align HR strategies with enterprise and stakeholder needs.
5. Adopt a risk-centric value proposition that focuses continually on enterprise risks.
6. Take an integrated approach to IT audit, one designed to strengthen IT capabilities.
7. Leverage technology to optimise audit operations.
8. Strategically leverage internal audit knowledge and expertise.
9. Commit to continuous quality assurance and improvement.
10. Link performance measures to strategic goals.

The study can be downloaded here

PwC releases – The global state of information security 2007

PwC has released a publication titled “The global state of information security 2007”, which can be downloaded here. In particular, the Financial Services industry-specific results can be downloaded here.

Key findings for the Financial Services sector results are:

- As the global regulatory environment becomes more complex, gains in protecting data privacy have slowed.
- The “insider threat” may actually be growing.
- Dedicating more resources to protecting data is becoming an increasingly strategic priority.
- Measurement and monitoring: Rules are only effective if they’re followed.
- Outsourcing processes to third parties doesn’t transfer risk — it often increases it.

Security Manager’s Journal: Indian Audit Comes With a Silver Lining

This is a challenge and market driver shared by many global organisations, and one that is already being successfully pursued by several JV consulting boutiques and Big 4 firms in the outsourcing regions (India/China/Russia/Hungary/Ireland/etc.) through international referrals, joint reporting, branding, etc. They are a bit more expensive, but this reasonably mitigates the risks relating to lack of skill-set in the marketplace, engagement / audit and, most importantly, the risk of having terms and conditions with an individual rather than an established entity. A lucky find for the author, but surely it is not an easily repeatable achievement.


An assessment of a partner in India turns up some problems, but they’re small, and the auditor’s a keeper