IT Security, Privacy and Data Management Ranked as Top Challenges Facing IT Audit Function, According to Survey from Protiviti and ISACA

Webinar today will share survey results and insights

MENLO PARK, CA - October 15, 2019 – A new study examining the key challenges impacting IT audit professionals as they navigate an evolving risk landscape in an era of digital transformation is now available. The 2019 Global IT Audit Benchmarking Study is the eighth annual audit research project conducted by global consulting firm Protiviti and ISACA, a global association helping individuals and enterprises in the IT audit/assurance, governance, risk and information security space.

Based on a survey of 2,252 chief audit executives (CAEs), internal audit professionals and IT audit vice presidents and directors worldwide, the benchmarking study provides key takeaways, analysis and recommendations for business leaders. Respondents revealed the key technology challenges they face, including a dramatic increase in the importance of data and governance, the essential role of IT partnerships and the top skills they are seeking in their teams.

Top Technology Challenges

Asked to identify their biggest technology challenges, IT audit leaders and professionals noted the following as their top five:

1. IT security and privacy/cybersecurity
2. Data management and governance
3. Emerging technology and infrastructure changes – transformation/innovation/disruption
4. Staffing and skills challenges
5. Third-party/vendor management

“As much as organisations are focusing on cybersecurity and protecting their data, they’re still behind given the changing landscape, growing sophistication of cyber criminals, evolving regulatory requirements such as GDPR and persistent gaps and process breakdowns that emerge as part of their ongoing transformation projects,” said Andrew Struthers-Kennedy, a Protiviti managing director and global leader of the firm’s IT Audit practice. “The bottom line is IT audit cannot let its guard down.”

Data Management and Governance Jumps to Second Most Important Challenge

Respondents indicated that data management and governance pose the second most critical challenge to their organisations, a significant jump from its number ten spot in the 2018 survey. As organisations seek to leverage data with technologies such as RPA, AI, machine learning and continuous auditing and monitoring, IT audit functions are becoming increasingly focused on evaluating risks associated with data collection, processing and reporting.

“There is considerable room for improvement in terms of the structure, quality and accuracy of the data available in most organisations. When an organisation reaches higher levels of maturity related to data management and governance, it’s much more adept at not only avoiding downside risks but also taking advantage of the opportunities for using data as an enterprise-enabled and competitive differentiator,” said Struthers-Kennedy. “Data is the lifeblood for many organisations, so IT audit functions need to ensure that key aspects of data management are considered as part of every audit and review activity.”

Growing Importance of IT Partnerships

IT audit functions defined as ‘leaders’ in the report have significantly increased exposure to strategic activities within the organisation, including being invited to participate in key IT department committees (e.g., IT governance and risk management, information security, IT strategy). Leaders also assess and identify technology risk on a more frequent, even continual, basis. Finally, leaders include cybersecurity in their plans on a more frequent basis than those who have lower levels of engagement and interaction with the IT department.

“One of the prominent themes in this year’s survey is the importance of partnership between audit and the IT function, which is particularly essential in the area of risk management,” said Robin Lyons, ISACA technical research manager. “As these two groups work together, risk management becomes a shared, real-time effort that reduces guesswork by IT audit as to which project challenges and risks truly exist.”

Lack of Skills and Resources is Pervasive Challenge

Organisations in every sector are experiencing a shortage of skills and resources today in IT audit. Of the surveyed organisations with revenues ranging from US$100 million to $1 billion, nearly a third (32%) are unable to address specific areas of the annual IT audit plan due to a lack of resources and skills. The survey revealed the top five skills most in demand are:

• Expertise in advanced and enabling technologies (44%)
• Critical thinking (32%)
• Data science (27%)
• Agile methodology (20%)
• Communications expertise (17%)

As businesses continue their digital transformation journeys, the importance of focusing on data and technology by internal audit grows. The way internal auditors engage and partner with their stakeholders, the skills they develop and deploy as part of their activities, and the tools and technologies they are familiar with and adopt are all critical areas that require focus.

Survey Resources Available; Free Webinar on October 15

The in-depth survey report, including a detailed breakdown of benchmarking data by organi­sation size, region and more, is available for complimentary download from Protiviti here and from ISACA here, in addition to an infographic and short video highlighting key findings. A podcast featuring Lyons and Struthers-Kennedy discussing the study’s results is also available for download from the sites.

Additionally, today at 11:00 a.m. PDT, Protiviti will host a free 75-minute webinar to share takeaways from the survey featuring Samir Datt, a Protiviti managing director in the technology consulting practice, joined by Struthers-Kennedy and Lyons. To join the webinar, please register here.

About ISACA

Now in its 50th anniversary year, ISACA^® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 460,000 engaged professionals—including 140,000 members—in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI^® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 220 chapters worldwide and offices in both the United States and China.