Risk
11/22/2006
01:25 AM
50%
50%

Compliance Compromises Audits

Almost half of Chief Audit Executives believe that regulatory compliance pressures have impacted their ability to complete thorough audits

LONDON -- Almost half of Chief Audit Executives believe that regulatory compliance pressures have impacted their ability to complete thorough audits, according to research launched today. The burden of compliance has hit companies hard and these results highlight the challenge posed by compliance regulation that requires companies to assess and test the effectiveness of internal controls on an ongoing basis.

The research, Evolving Role of Internal Audit, was commissioned by ACL Services in cooperation with The Institute of Internal Auditors (The IIA), and is a global survey of more than 800 chief audit executives. The survey uncovers the key business challenges that have arisen from balancing compliance requirements with the traditional duties of internal audit.

The study confirms that in the midst of compliance burdens, audit leaders view the adoption of continuous monitoring and audit technology as an important solution to many of the problems identified. Indeed over 90 percent of audit executives feel that their organisations should automate the testing of their internal controls (continuous monitoring) at the management and business process owner level.

Key findings from the survey include:

  • One in five audit executives felt their department's independence was compromised by their involvement in compliance programmes
  • A total of 36 percent of organisations have adopted a continuous auditing approach across either all or within select business processes
  • 39 percent plan to implement continuous auditing in the near future
  • A shortage of skilled internal audit staff was identified as the most critical challenge to fulfilling the internal audit mandate (68 percent)
  • Other major global challenges identified were the complexity of the IT environment (65 percent) and the lack of ownership for controls and related risk (62 percent)

"Compliance can be a time-consuming distraction of internal auditing's focus from its day-today responsibilities," said Dave Richards, president of The Institute of Internal Auditors. "If this prevents the internal auditors from completing the audit plan, it leaves companies wide open to a vast array of other risks that should be assessed and monitored. Software that automates the testing of internal controls to help meet compliance requirements can be a useful tool in balancing the scope of internal audit work."

ACL Services Ltd.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.