Security and privacy top IT audit risk poll
Written by Peter Walker
Security, privacy and data management have been ranked as the top challenges facing IT audit function, according to Protiviti and ISACA.
Based on a survey of 2,252 chief audit executives (CAEs), internal audit professionals and IT audit vice presidents and directors worldwide, the eighth annual benchmarking study also found staffing and skills challenges, and third-party vendor management rounding off the top five tech challenges.
As organisations seek to leverage data with technologies such as Robotic Process Automation, artificial intelligence and machine learning, IT audit functions are becoming increasingly focused on evaluating risks associated with data collection, processing and reporting.
IT audit functions defined as ‘leaders’ in the report have significantly increased exposure to strategic activities, including being invited to participate in key IT department committees. Leaders also assessed and identified technology risk on a more frequent, even continual, basis. They also included cyber security in their plans on a more frequent basis than those who have lower levels of engagement and interaction with the IT department.
Andrew Struthers-Kennedy, a Protiviti managing director and global leader of the firm’s IT Audit practice, comented that as much as companies are focusing on cyber security and protecting their data, "they’re still behind given the changing landscape, growing sophistication of cyber criminals, evolving regulatory requirements such as GDPR and persistent gaps and process breakdowns that emerge as part of their ongoing transformation projects".
Organisations in every sector are experiencing a shortage of skills and resources today in IT audit. Of the surveyed businesses with revenues ranging from $100 million to $1 billion, nearly a third (32 per cent) were unable to address specific areas of the annual IT audit plan due to a lack of resources and skills.
The survey revealed the top five skills most in demand were expertise in advanced and enabling technologies (44 per cent), critical thinking (32 per cent), data science (27 per cent), agile methodology (20 per cent), communications expertise (17 per cent).