What will be the biggest IT audit issues this year?
With 2016 firmly in the rear-view mirror, organisations will now have set their sights on what challenges and opportunities they face in the year ahead. A growing threat in 2017 is likely to be technology, with risks increasing as new systems and processes evolve.
This means IT audit departments could be in for a busy year, as more and more businesses look to modernise their technology infrastructure and take advantage of the cost, efficiency and strategic gains that innovation can bring.
But what issues will be the most pressing for IT auditors in 2017? Let’s take a look at some recent research and examine what the experts believe will be the primary pain points.
Unsurprisingly, cyber security remains a priority for organisations over the coming months. Deloitte highlighted the field as the biggest hot topic for IT auditors in 2012, 2015 and 2016.
Meanwhile, the latest Institute of Internal Auditors (IIA) Global Perspectives and Insights into Emerging Trends report revealed that 74 per cent of businesses said they audit cyber security because they believe it is a high risk.
Over 90 per cent of respondents claimed their auditing departments understood the potential threat that cyber security breaches posed for their organisation. Yet, only 55 per cent said they had an established framework for dealing with these problems.
“Cyber security must be considered holistically and systemically, as the effects of failure can range from an inability to conduct basic transactions, to loss of intellectual property, to potentially significant reputational damage,” the IIA stated.
“It is not solely a technology risk; it is a business risk and, as such, internal auditors have a critical role to play.”
Of the organisations that didn’t audit cyber security, many claimed they didn’t have the necessary tools (55 per cent), while some said they lacked the time (22 per cent) or there wasn’t enough executive buy-in for such processes (19 per cent).
A growing number of organisations want to analyse the vast quantities of data they collect and store. Whether it’s customer details, sales figures, emails, videos, online visits or a multitude of other pieces of information, generating insights from data is key.
As such, nearly half of businesses (49 per cent) that the IIA polled have heavily invested in big data architecture and tools. A further 23 per cent have plans in place to do so.
But with IBM figures predicting that the digital universe will grow 40 per cent a year until 2020, big data management is set to be a significant challenge for auditors.
However, again, businesses appear to lack the tools necessary to perform audits on their big data systems. Sixty-one per cent of respondents would need to upgrade their capabilities to complete such audits. Over one-third hadn’t even reviewed the level of risk associated with big data.
The most common form of IT audit on big data was assessing controls over the information’s availability, integrity and security (80 per cent of firms). Two thirds evaluated big data risks and 54 per cent judged its accuracy.
Lack of IT audit skills
Businesses are already experiencing a skills gap in the area of IT audit. According to the IIA research, 65 and 46 per cent of respondents said their departments didn’t have the competencies to handle cyber security and big data audits, respectively.
This appears to be an ongoing problem, with a December 2015 global study from Protiviti and ISACA revealing that staffing and skills challenges were the third biggest problem for the IT audit profession.
Barclay Simpson research has shown 45 per cent of IT audit departments are under-resourced, with budget increases outpacing those of the wider internal audit function. Organisations are also more specialised in their demands – only 30 per cent of vacancies were for general IT audit roles.
To tackle technology challenges in 2017, employers will need to recruit talented candidates who can identify and overcome the risks of cyber security, big data and other issues.
As threats become increasingly sophisticated, businesses that fail to invest in their IT audit teams could face significant financial and reputational damage if their systems suffer a large-scale breach or failure.
Our 2016 Compensation and Market Trends Report combines our review of the prevailing conditions in the internal audit recruitment market together with the results of our latest employer survey.