IT security and privacy, IT governance and risk management, regulatory compliance, emerging technology and cloud computing are the key issues impacting IT audit plans in 2018, according to a just-released benchmarking study from global consulting firm Protiviti and ISACA, a global association helping individuals and enterprises in the IT audit/assurance, governance, risk and information security space.

The seventh annual survey of more than 1,300 chief audit executives (CAE), internal audit professionals and IT audit vice presidents and directors worldwide found that most audit plans for 2018 are impacted by the challenge of cybersecurity. Yet more progress is still needed, as one in five organizations, on average, is not including cybersecurity in its audit plans. The most commonly cited reason is a lack of qualified resources, specifically people, skills and/or auditing tools. Such shortcomings need to be addressed with urgency.

“Organizations are putting themselves at risk by not planning for and addressing existing and evolving cybersecurity threats within their audit plans,” said Andrew Struthers-Kennedy, a Protiviti managing director and global leader of the firm’s IT Audit practice. “Planning for cybersecurity not only helps with risk management, but also helps address gaps that can come from digitalisation. As more businesses accelerate the pace of technology transformation and increase their reliance on third-party vendors as part of their digital transformation efforts, the number and severity of cybersecurity risks is increasing.”

“Given the increased focus on digital transformation within organizations, it’s important for IT auditors to be involved throughout the entire technology project lifecycle to ensure policies and processes are put in place to mitigate risk,” said Theresa Grafenstine, chair of ISACA’s board of directors. “IT audit leaders looking to become more engaged within their organization’s major technology projects have to build credibility with executive management teams by demonstrating the value that the IT audit function provides.”

Top Technology Challenges

Asked to identify their top technology challenges, IT audit leaders and professionals cited IT security and privacy as their top priority. The top ten responses are:

  1. IT security and privacy/cybersecurity
  2. Infrastructure management
  3. Emerging technology and infrastructure changes – transformation, innovation, disruption
  4. Resource/staffing/skills challenges
  5. Regulatory compliance
  6. Budgets and controlling costs
  7. Cloud computing/virtualisation
  8. Third-party/vendor management
  9. Project management and change management
  10. Data management and governance

The above listed areas portray an interrelated dynamic – emerging technologies and digital transformation place greater pressure on existing IT infrastructure and cause companies to explore alternative delivery models (e.g. through third-party arrangements), while giving rise to new cybersecurity and privacy risks – all of which require an evolution in the skillset of IT auditors.

The upcoming enactment of the EU’s General Data Protection Regulation (GDPR), which establishes new compliance requirements for information security and data privacy, further highlights the importance of effective data management and protection of organizational data.

“With regulators beginning to look more closely at the security and management of organizational data, we encourage IT audit teams to be aware of all data that an organization processes, where it resides and how it’s being protected,” added Struthers-Kennedy. “While the increase in data capture and processing activities offers opportunities for enhanced business insight and competitive advantage, it also adds significant risk and therefore data protection needs to be prioritised.”

Source: PR Newswire