Where to even begin?
An uncertain global economy, volatile geopolitical developments, a persistent pandemic, a changing regulatory landscape, and an evolving catalog of technology risk concerns have created mounting challenges for IT audit leaders and their functions.
It is a real eye opener seeing the results of the latest IT Audit Technology Risks Survey from ISACA and Protiviti. One clearly apparent trend in the survey findings: The risk scores in this year’s survey have increased significantly compared to the prior year’s results, indicating perceptions that the current technology risk landscape is much riskier.
Important takeaways from our research:
- The greatest IT audit concerns lie with cybersecurity-related breaches and related risk issues — Across nearly every industry and organization type, cybersecurity is the top-ranked technology risk. Related cyber issues such as data privacy, managing security incidents, disaster recovery, access risk and third-party risk also rate as top concerns given that they can lead to reputation damage, loss of revenue/customers and regulatory fines/scrutiny.
- Data governance and data integrity are being scrutinized — These risk issues are proving difficult given the frequency and magnitude of internal changes and transformations as well as external disruptions and volatility.
- Regulatory compliance burdens and risk are increasing rapidly — IT audit teams, as well as other departments (e.g., legal, compliance, IT), are scrambling to keep pace with new data privacy and data security rules as well as changing legal and regulatory compliance requirements that have growing implications for organizational data management and technology-related activities.
ISACA and Protiviti partnered to conduct the 10th annual IT Audit Technology Risks Study in the fourth quarter of 2021. The in-depth survey report (which includes a detailed breakdown of benchmarking data by organization size, region, industry and more), podcast, infographic and webinar are available from Protiviti here and from ISACA here.