This article answers some of the audience questions received during Protiviti’s webinar reviewing the results from the 6th Annual IT Audit Benchmarking Study performed with ISACA.
Questions addressed include: How can growing organizations move from a reactionary approach to IT risk management to a more proactive approach and get ahead of emerging risk issues? Do you see more IT audit shops leveraging continuous auditing to focus on some of the challenges highlighted in the survey? Should the IT audit director report directly to the audit committee? Where does the responsibility for IT risk assessment live—with the IT organization or the IT audit function?