This study looked at how audit committees oversee IT risks. They found that most audit committees don't focus much on IT risks. The audit committees that do look at IT risks mostly deal with traditional ones like monitoring. They don't pay as much attention to IT acquisition and implementation. Members with more auditing experience and knowledge of the COBIT model for assessing IT risks tend to oversee IT risks more. Factors like committee independence, diligence, and company size didn't show a significant impact on IT oversight.