Cybersecurity, Privacy, Data and Compliance are Top IT Audit Risks: ISACA

A new survey conducted by Protiviti and ISACA found that cybersecurity is the chief risk for IT audit departments, yet despite heightened concerns, one in five organisations do not expect their 2022 audit plans to address the risk of cybersecurity breaches. Other related risks such as privacy and data as well as regulatory compliance also rank as top concerns.

Responses to this year’s edition of the annual technology and audit benchmarking survey, titled “IT Audit Perspectives on Today’s Top Technology Risks,” indicate that IT audit teams are perceiving the current technology risk landscape as much more threatening than in the past. More than 7,500 IT audit leaders and professionals from around the world participated in the survey.

War-related cyberattacks are on the rise, the surge of sophisticated ransomware attacks is ongoing and remote work continues to subject many organisations to new cybersecurity risks.

“Given the increasingly complex and rapidly changing technology risk landscape we’re in, it’s imperative for IT audit leaders to understand they are responsible for maintaining a holistic view of IT risks impacting the entire organisation,” said Angelo Poulikakos, a managing director at Protiviti and global leader of the firm’s Technology Audit practice.

“This requires tech-enablement from an audit standpoint and regular calibration of risk assessments to suit the current environment, rather than ‘rinsing and repeating’ the work from previous years.”

“The elevated cybersecurity concerns evidenced in this year’s survey underscore that cyber threats are no longer concentrated within specific industries. This is an industry-agnostic concern, and every organisation should be mobilising to protect itself. While IT audit teams may not be on the front lines managing these risks, it’s essential that they take a proactive approach to regularly assess the efficacy of these efforts while confirming the proper controls and protections are in place,” added Poulikakos.

The Top 10 IT Audit Risks for 2022

The survey asked respondents to rate the significance of 39 technology risk issues. Of those, the top 10 IT audit risks identified were as follows:

- Cyber breach

- Manage security incidents

- Privacy

- Monitor regulatory compliance

- Access risk

Key Findings:

- The greatest IT audit concerns lie with cybersecurity-related breaches and related risk issues (ransomware, loss of data, etc.) — Across nearly every industry and organisation type, cybersecurity is the top-ranked technology risk. Related cyber issues such as data privacy, managing security incidents, disaster recovery, access risk and third-party risk also rate as top concerns given that they can lead to reputation damage, loss of revenue/customers and regulatory fines/scrutiny.

- Data governance and data integrity are being scrutinised — These risk issues are proving difficult given the frequency and magnitude of internal changes and transformations as well as external disruptions and volatility.

- Regulatory compliance burdens and risk are increasing rapidly — IT audit teams, as well as other departments (e.g., legal, compliance, IT), are scrambling to keep pace with new data privacy and data security rules as well as changing legal and regulatory compliance requirements that have growing implications for organisational data management and technology-related activities.

The full report is available for download HERE.