Now is the time for technology audit groups to evolve.
The big picture: This year’s Global Technology Audit Risks Survey, conducted by Protiviti and The Institute of Internal Auditors (The IIA), reveals a complex and multifaceted landscape of technology risks.
Why it matters: Our survey results reveal a dichotomy in technology risk management capabilities. While organizations appear well-equipped to manage traditional compliance-related risks, they fall short in preparedness and proficiency levels for emerging technology risks like artificial intelligence (AI), machine learning (ML), third-party vendor management and IT talent management.
By the numbers: This study serves as both a mirror and a road map, reflecting the current state of technology risks while also guiding technology audit leaders and teams through the maze of challenges and opportunities that lie ahead. Among the key findings:
- Nearly 75% of all respondents, and even more chief audit executives and technology audit leaders (82%), consider cybersecurity to be a high-risk area.
- Only 28% of organizations indicate AI (including generative AI) and ML pose significant threats over the next 12 months. However, while AI may not be perceived as an immediate threat, it is rising rapidly on the risk horizon. A majority of technology audit leaders and teams — 54% — believe advanced AI systems present substantial risks in the coming two to three years.
- Third-party and vendor risk has a high perceived threat level for 60% of respondents, combined with low levels of organizational preparedness and technology audit proficiency.
Internal audit opportunities — mapping the risk landscape: The chart below presents a view of the 13 key technology risks assessed in our survey. We have plotted these risks based on three variables:
- Perceived threat level
- Organizational preparedness
- Technology audit proficiency
Mapping the Risk Landscape
The bottom line: There is an imbalance between how technology audit leaders and teams view traditional and emerging technology risks. This calls for immediate action. Technology audit groups must apply the same disciplines, processes and rigor used in compliance audits to emerging areas of technology risk.
Learn more: Protiviti partnered with The IIA to conduct its 11th annual Global Technology Audit Risks Survey in the second and third quarters of 2023. The in-depth survey report (which includes a detailed breakdown of benchmarking data by organization size, region, industry and more), podcast, video, infographic and webinar are available from Protiviti here and from The IIA here.