IT security is fundamental to achieving business objectives—which means that understanding and managing IT risk is also fundamental to achieving business objectives.
Should we give up auditing information security and the management of cyber risk? Not at all. But we should do so with eyes wide open. We should recognize the limitations of our knowledge, tools and techniques and the likelihood that hackers have new techniques that are unknown both to auditors and management.
According to Deloitte, IT now plays many fundamental and highly beneficial roles in businesses, including: