McAfee for Small Businesses

Audit Fatigue: Ever-increasing Compliance Requirements Are a Burden
on IT Resources

Organizations That Automate IT Controls and Audit Processes Will Benefit

Today's organizations are challenged by an ever-increasing number of regulations, standards and policies that they must comply with.

The bulk of compliance tasks are IT-related. With decreasing budgets and growing demands to improve overall business performance, the impact is particularly burdensome.

To help gauge the toll that audits are taking on IT and to qualify and quantify pain points, McAfee commissioned a survey of IT audit-related functions in North America and Europe.

The results indicate that IT Audit is in the middle of an evolutionary transition, facing great challenges, as well as new opportunities to automate controls and audit processes.

Some key findings:

• Compliance impact is increasing, resulting in higher audit frequency and number: Even Small to mid-sized enterprises (SMB's) are also subject to an increased level of compliance requirements—resulting in higher than expected IT audit engagements.
• Audit costs are unmanaged, resulting in increased cost: A surprising number of respondents conduct audits on an ad-hoc basis rather than as a scheduled effort of an enterprise risk management program. Given the inability to forecast audit and remediation spend, budgetary control is lost—exacerbating the perceived impact of compliance efforts.
• Lack of controls automation, limited process maturity: 'Audit Fatigue' can be attributed to lack of controls automation and unmanaged IT audit processes. IT innovation is constrained due to uncontrolled costs associated with IT audit and issue remediation.
• Automating IT controls and audit processes provide a significant opportunity to decrease risk and limits costs.

Download McAfee sponsored report Risk and Compliance Insights: Audit Effectiveness