Project management and change management remain on the of the top 10 technology challenges facing IT auditors, according to a recently released survey of 1 323 audit professionals and executives worldwide.
The 7th annual IT Audit Benchmarking survey was undertaken by independent, non-profit association ISACA (Information Systems Audit and Control Association) and Protiviti, a global consulting firm.
Asked to name and rank the top technology challenges that would impact their 2018 audit plans, half of all survey participants listed project management and change management as a challenge, placing this sixth on a list of 13 challenges.
However, for participants from Africa, project management and change management was a far greater concern, with 68% of participants from the region naming it as an area of concern: a far higher percentage than from any other region. In fact, for African participants, project management and change management was the third most cited technology challenge, behind emerging technology and infrastructure changes; and even IT security.
In response to a question about the most significant risk factor for IT implementation projects within their organisations, survey participants ranked the absence of a defined and documented project management methodology second, just behind frequency of updates to project goals and outcomes based on changing business requirements,
Their other identified risk factors are probably shared by most project managers: goals and objectives not being clearly defined; lack of a formal project governance structure; frequency of change in project specifications without formal assessment; lack of stakeholder engagement; and the level of employee turnover on project teams. The IT Audit respondents also bemoaned the capabilities and skills of the project manager and/or broader project team.
Andrew Struthers-Kennedy, MD, Global IT Audit Leader at Protiviti, said that while many IT audit functions concentrated purely on the basics of IT auditing with regard to areas of focus and frequency, there was growing recognition that this had to change.
"Given the pace of digital transformation and organisational change, IT audit groups need to become more agile, dynamic and progressive in the ways they assess potential risk areas in IT initiatives and the overall IT environment," he explained.
This included become more engaged, far earlier, and in a more integrated fashion with projects involving technology system and application implementations.
The survey report recommended that the IT audit function play a role throughout the entire technology project lifecycle, beyond the areas where it had traditionally focused: project governance, development and testing, data conversion, documentation and training. These included having IT audit involved in issues around project delivery such as strategic and process alignment, corporate culture, stakeholder engagement, human capital, and organisational change readiness.
"IT audit functions that are involved early and throughout the technology implementation lifecycle can help to ensure project risks are more likely to be identified, escalated, evaluated and acted upon as close to real-time as possible, enabling projects to stay on track," the report's authors stated.
"However, despite the value that IT audit's contributions can deliver, our results indicate that this type of comprehensive IT audit involvement in technology implementations remains the exception rather than the rule," they concluded.