Technology audit functions are navigating a dynamic business landscape that is being shaped continually by exponential growth in technologies like generative AI and the concurrent emergence of new security, privacy and data-related challenges.
Today’s and tomorrow’s challenges: This year’s Global Internal Audit Perspectives on Top Technology Risks Survey, conducted by Protiviti and The Institute of Internal Auditors (The IIA), reveals a complex business environment that not only reinforces some trends from prior years but also recognizes emerging risk trends that technology auditors must anticipate to remain relevant.
Key takeaways: There are a number of significant trends and pressing concerns facing today’s technology audit landscape that are revealed in our research.
- Cybersecurity is the top technology threat — Not only do cyber concerns stand out as the top threat (68% of all organizations perceive a high threat over next 12 months), but these concerns are even greater among organizations conducting technology audits more frequently, as well as among those using cybersecurity and AI-based tools to support the technology audit department.
- AI is beginning to influence technology auditing — While AI is not viewed as a significant short-term technology concern, most respondents (59%) view advanced AI systems as posing significant risks to their organizations in the next two to three years. The use of AI-based tools in technology auditing is associated with elevated concerns about various threats.
- Data concerns are prevalent — Data privacy and compliance as well as data governance and integrity rank among the top technology risks organizations face, and 52% view data breaches and leaks of sensitive information as posing the greatest cybersecurity-related threats.
- Higher frequency of technology audits drives better performance — Conducting more technology audits annually drives a clearer understanding of the threat landscape and contributes to improved organizational preparedness and technology audit proficiency to handle these threats. Conversely, organizations with lower audit frequency may face blind spots in their risk management efforts.
Call to action: This year’s research results point to several important actions that CAEs and technology audit leaders and teams should take to address today’s and tomorrow’s technology challenges and position their organizations for success. In brief, they should:
- Increase the frequency of technology audits performed annually. Audit groups that conduct six or more technology audits annually perceive several technology risks as more significant threats to the business compared to low-frequency IT auditing groups.
- Assess technology audit proficiency gaps. The survey results reveal significant gaps between perceived threat levels and proficiency levels for a number of technology risks, including third-party risk and AI. Technology audit functions need to prioritize elevating their proficiency in these areas.
- Embrace the use of advanced tools in technology auditing. Leveraging technology tools such as AI for risk prediction, anomaly detection and text generation, along with cybersecurity tools like vulnerability scanners, provides a clearer understanding of the threat landscape.
- Stay laser-focused on cybersecurity. IT audit leaders and teams view cyber threats as the top technology risk for organizations, by a large margin. These threats drive concerns over breaches, leaks of sensitive information and long-term reputation damage.
- Stay on the leading edge of AI. The exponential growth in the use of AI will continue. Technology audit leaders and teams must stay closely attuned to how AI is being deployed throughout the enterprise to monitor effective use and identify potential risks. They must also ensure that appropriate controls and governance are in place so that data privacy and security risks are managed appropriately and ethical use of these technologies is evaluated.
Learn more: Protiviti partnered with The IIA to conduct its 12th annual Global Internal Audit Perspectives on Top Technology Risks Survey in the second quarter of 2024. The in-depth survey report is available from Protiviti and from The IIA.
Register for the webinar on October 9 at 1 p.m. EDT for a discussion on the implications, challenges and strategic opportunities that evolving technology risks pose for organizations and their IT audit processes. 1.0 CPE credit is available for live attendance.