Cybersecurity and regulatory compliance issues are impacting IT Audit Plans

Cybersecurity, IT governance and risk management and regulatory compliance are some of the key issues impacting IT audit plans this year.

A benchmarking study from global consulting firm Protiviti and ISACA surveyed more than 1,300 chief audit executives (CAE), internal audit professionals and IT audit vice presidents and directors worldwide.

It found that most audit plans for 2018 are impacted by the challenge of cybersecurity. One in five organisations, on average, is not including cybersecurity in its audit plans, according to the research. The most commonly cited reason is a lack of qualified resources, specifically people, skills and/or auditing tools.

“Organisations are putting themselves at risk by not planning for and addressing existing and evolving cybersecurity threats within their audit plans,” said Andrew Struthers-Kennedy, a Protiviti managing director and global leader of the firm’s IT Audit practice. “Planning for cybersecurity not only helps with risk management, but also helps address gaps that can come from digitalisation. As more businesses accelerate the pace of technology transformation and increase their reliance on third-party vendors as part of their digital transformation efforts, the number and severity of cybersecurity risks is increasing.”

When asked to identify their top technology challenges, IT audit leaders and professionals cited IT security and privacy as their top priority. The other responses included infrastructure management, emerging technology and infrastructure changes, resource/staffing/skills challenges, regulatory compliance, budgets and controlling costs, cloud computing/virtualisation, third-party/vendor management, project management and change management, and data management and governance.

The EU’s upcoming General Data Protection Regulation (GDPR), which establishes new compliance requirements for information security and data privacy, also highlights the importance of effective data management and protection of organisational data.

“With regulators beginning to look more closely at the security and management of organisational data, we encourage IT audit teams to be aware of all data that an organisation processes, where it resides and how it’s being protected,” added Struthers-Kennedy. “While the increase in data capture and processing activities offers opportunities for enhanced business insight and competitive advantage, it also adds significant risk and therefore data protection needs to be prioritised.”

 


Copyright © 2018 RegTech Analyst
