IT risks not being communicated

There is little common language between business and IT, survey finds

Boards are not being communicated risk

IT–related risks are crucial to business success but are not understood by the board, says research by PricewaterhouseCoopers (PwC) on behalf of The Institute of Internal Auditors.

Ninety-eight per cent of companies see IT as strategically important to future success. But sixty-eight per cent of respondents believe boards do not understand technology risks .

Communication is not what it should be, said PwC partner Grant Waterfall.

'Our survey findings suggest that boards and audit committees may not have all the skills they need to understand and deal with IT risk, while mechanisms for communicating risks to the board may also not be effective enough,' he said.

More than a third of senior management respondents and almost half of internal audit heads feel IT professionals lack the ability to communicate risk and its potential business impact in a way that the board understands.

Effective communication between those with business and those with IT expertise is crucial, said Waterfall.

'Assessing risk is a team game, bringing together IT professionals who understand the technology but not necessarily the business impact that has to be managed, and business managers who lack the technical background but could draw out the potential business implications,' he said.