According to a survey carried out by Binder Hamlyn, the accountancy firm that is part of Andersen Worldwide, and Internal Auditing magazine, large areas of work normally regarded as standard computer audit functions are being neglected by a "significant proportion" of public-sector organisations.
The report suggests that internal auditors in the sector could be more aware of IT issues themselves. But it also supports the notion that while the public sector might want to get this sort of work done, it cannot necessarily obtain the right people for the job.
Such is the demand in the public and private sectors for people who can review systems security and operations, examine disaster recovery procedures, procure IT facilities and the like that recruitment consultants they can command high salary premiums.
Denis Waxman, managing director of Accountancy Personnel, says there are a lot of openings for temporary and permanent staff in the private and public sectors.
The required skills are so hard to come by that good candidates can almost name their terms. Such people tend to work on short-term contracts (they are called contractors rather than temps) because organisations often have difficulty obtaining the budget to take on somebody full-time. Others - notably banks - might have a specific problem that can be sorted out by one person working long hours over a comparatively short period. But this sort of arrangement seems to suit many specialising in this field.
According to James Wheeler, managing director of Hewitson-Walker, a consultancy specialising in filling temporary vacancies for accountants, one reason for the exploding demand is the huge programme of reform in the public sector, particularly local government and the National Health Service.
"For the first time, they have had to get proper accounting systems in place, and the systems imposed by consultants do not always work." Not surprisingly, then, Mr Waxman sees a lot of people going to work with the district audit offices.
What these recruits find must often be challenging, if not depressing - if the Binder Hamlyn survey is to be believed. A fifth of the 300 respondents in such areas as education, health, housing and local and central government said that system security and controls had not been reviewed in the past three years, while twice as many revealed that disaster recovery procedures had not been examined in this time.
"Given the number of high-profile failures of systems development within the public sector in recent years, it is worrying to discover that some 55 per cent of internal audit departments do not get involved in systems development or IT procurement matters," says Paul Williams, computer risk management partner at Binder Hamlyn. Perhaps the key is to hand over responsibility for the internal audit to some external organisation with expertise in the area.
This can be a cheaper approach than others. However, it could also be argued, says Binder Hamlyn, that this reduction in cost could be just a sign of client pressure to reduce internal audit man-days and, therefore, fees.
With so many pressures, it is hardly surprising that many of those doing this sort of work opt to work for short periods of time.