New survey from Protiviti and The Institute of
Internal Auditors reveals the top tech risks that should be on
every executive's agenda
MENLO
PARK, Calif., Oct. 10,
2023 /PRNewswire/ -- As the scale of emerging
technology risks facing companies continue to multiply, IT auditors
play a key role in identifying these threats and helping their
organizations to navigate them. A new survey conducted by
Protiviti and The Institute of Internal Auditors (IIA) reveals
which risks are keeping IT auditors up at night.
The 11th annual "Global Technology Audit Risks
Survey" polled a group of over 550 Chief Audit Executives (CAEs)
and IT audit professionals on the technology risks their companies
face over near-term (12 month) and medium-term (two to three year)
time horizons. The survey revealed a number of key risks that
the internal audit function is most concerned about,
including:
1. Cybersecurity is the top priority
by a wide margin.
Nearly 75% of respondents, and an even higher
percentage (82%) of CAEs and technology audit leaders, consider
cybersecurity to be a high-risk area over the next 12 months. To
address this risk, leaders and executives need to put mitigation
plans into place. With the increased integration of emerging
technologies into business functions, organizations anticipate that
next-gen cyber threats pose the most significant risks over the
next two to three years.
2. AI is an emerging risk with
significant gaps in organizational preparedness and internal audit
proficiency.
Only 28% of respondents indicate the use of AI
(including generative AI) and machine learning (ML) as posing
significant threats over the next 12 months. However, while AI may
not be perceived as an immediate threat, it is rising rapidly on
the risk horizon. Specifically, 54% of our survey participants
believe advanced AI systems, including generative AI, present
substantial risks in the coming two to three years. As the
technology becomes more widely accepted and integrated into
business operations, the complexities and uncertainties it
introduces will become more pressing. Few organizations believe
their level of preparedness or the proficiency of their technology
audit group in handling AI/GenAI and ML risks are at acceptable
levels.
3. The talent gap in IT is a growing
concern.
For companies to address cyber- and AI-related
risks, they need to hire talent with a deep understanding of these
spaces at a time when such talent and skills are scarce. Companies
must focus on hiring the leaders and team members they need as well
as retaining and upskilling the existing talent pool. Companies
with insufficient talent and intellectual capital in areas like
cyber and AI will find themselves exposed when these risks become
reality.
Other areas that the audit function identifies as significant
threats over the next twelve months include third parties/vendors
(60%), data privacy and compliance (58%), and transformations and
system implementations (55%).
"When it comes to technology challenges, not only are companies
facing a wide range of threats, but each of these threats is
changing at an alarming rate," said Angelo
Poulikakos, global leader of the firm's Technology Audit and
Advisory practice. "Risks related to cyber and AI look radically
different than a few years ago, and will surely continue to evolve.
Companies that conduct internal audits more frequently and
integrate advanced analytical tools and techniques into their audit
processes will be more on top of these changes and consequently
more prepared when real issues arise. Many organizations are now
dealing with the strategic risks of the long-term talent gap, which
is why we're seeing more CAEs and auditors recognize this
challenge."
"IT auditors play a critical role in helping their companies see
around corners when it comes to technology risks across the
enterprise," said Brad J. Monterio,
IIA EVP of Member Competency and Learning. "This survey offers
valuable insights to CAEs and their teams on where they may need to
concentrate their efforts in the coming years as they shape their
audit plans. It also helps identify the areas where organizations
should consider strategically investing in talent to bolster their
risk preparedness."
This report is based on a survey, fielded from June through July
of 2023, of 559 chief audit executives (CAEs) and IT audit
professionals, representing a wide range of industries globally.
The survey was conducted in collaboration with The IIA.
Survey Resources Available
The research report from Protiviti and The IIA, "Navigating a
Technology Risk-Filled Horizon," is available for complimentary
download, along with an infographic and podcast about the survey
results, here. On October 12,
2023, at 10:00 a.m. PDT,
Protiviti and The IIA will host a free one-hour webinar to further
explore the implications of the survey. Featured speakers will be
Angelo Poulikakos and Lindsay Gleeson, Managing Director, from
Protiviti, along with David
Petrisky, Director, Professional Standards at The IIA.
About Protiviti
Protiviti (www.protiviti.com) is a global consulting firm that
delivers deep expertise, objective insights, a tailored approach
and unparalleled collaboration to help leaders confidently face the
future. Protiviti and our independent and locally owned Member
Firms provide clients with consulting and managed solutions in
finance, technology, operations, data, analytics, digital, legal,
HR, governance, risk and internal audit through our network of more
than 85 offices in over 25 countries.
Named to the 2023 Fortune 100 Best
Companies to Work For® list, Protiviti has served
more than 80 percent of Fortune 100 and
nearly 80 percent of Fortune 500 companies.
The firm also works with smaller, growing companies, including
those looking to go public, as well as with government agencies.
Protiviti is a wholly owned subsidiary of Robert Half
Inc. (NYSE: RHI). Founded in 1948, Robert Half is a
member of the S&P 500 index.
About The Institute of Internal Auditors
The Institute of Internal Auditors (IIA) is an international
professional association that serves more than 235,000 global
members and has awarded more than 190,000 Certified Internal
Auditor (CIA) certifications worldwide. Established in 1941, The
IIA is recognized throughout the world as the internal audit
profession's leader in standards, certifications, education,
research, and technical guidance. For more information, visit
theiia.org.
Protiviti is not licensed or registered as a public
accounting firm and does not issue opinions on financial statements
or offer attestation services.
View original content to download
multimedia:https://www.prnewswire.com/news-releases/it-auditors-identify-cyber-risks-data-privacy-and-talent-shortages-among-the-biggest-technology-challenges-companies-face-301952230.html
SOURCE Protiviti