Top Takeaways from New IT Audit Technology Risks Survey

Author: ISACA
Date Published: 6 July 2022

Cybersecurity is the leading risk area for IT audit departments, with related risks such as privacy and data also ranking among the top concerns, according to a new study from ISACA and Protiviti.

ISACA and Protiviti partnered in creating the IT Audit Technology Risks Survey, which provides IT audit perspectives on today’s top technology risks, revealing a dynamic threat landscape. The benchmarking report is based on a survey, fielded in the fourth quarter of 2021, of more than 7,500 IT audit leaders and professionals, including chief audit executives (CAEs) and IT audit vice presidents and directors, representing a wide range of industries globally. Top takeaways from the report include:

  1. Security breaches are the greatest concern — Cybersecurity is the top-ranked technology risk area, with related concerns like data privacy, managing security incidents, disaster recovery, access risks and third-party risks also ranking at the top. On a scale of 1-10 for the top 10 global technology risks, cyber breaches ranked at 7.65, an increase of close to an entire point compared to last year’s rating of 6.97.
  2. Data governance and integrity are under scrutiny — In an era of constant digital transformations, it can seem impossible to keep up. Respondents indicated that such assessments are proving to be difficult given the frequency and magnitude of internal changes and transformations, in addition to external, variable disruptions. When asked whether data governance and data integrity are included in the annual audit plan, 72% and 71% of respondents, respectively, said they are, an increase from last year’s 69% and 62%.
  3. There is a rapid increase in regulatory compliance burdens and risks — As legal and regulatory compliance requirements constantly shift, IT audit teams are having trouble keeping up with new data privacy and security rules. Additionally, these rapid developments have snowballing implications for organizational data management and technology-related activities. On a scale of 1-10 for the top 10 global technology risks, monitoring regulatory compliance ranked at 7.15, an increase compared to last year’s rating of 6.64.

The top risks cited in this year’s survey highlight the vital yet sensitive role that data plays in organizations today, with respondents expressing significant concerns regarding the way in which data is gathered, governed and secured.

“Given the increasingly complex and rapidly changing technology risk landscape we’re in, it’s imperative for IT audit leaders to understand they are responsible for maintaining a holistic view of IT risks impacting the entire organization,” said Angelo Poulikakos, a managing director at Protiviti and global leader of the firm’s Technology Audit practice. “This requires tech-enablement from an audit standpoint and regular calibration of risk assessments to suit the current environment, rather than ‘rinsing and repeating’ the work from previous years.”

Added Paul Phillips, director of event content development and the risk professional practices lead at ISACA: “With a global focus on data regulation, it may be easy to view data solely through a lens of compliance. However, consumer concern with how their data are used and stored and other operational matters that can quickly become reputational matters should not be discounted. As IT auditors assess risk and evaluate controls associated with data, the tremendous organizational value (and responsibility) of data should always be top of mind.”

On 28 July 2022 at 10 a.m. PDT, Protiviti will host a free one-hour webinar to further explore the implications of the survey. To learn more and for additional resources related to the report, visit here.