Most IT audit plans for 2018 take the challenge of cybersecurity into account but, according to a recent study, as many as a fifth of organisations are not including cybersecurity in their IT audit plans. Protiviti's survey of more than 1,300 senior audit professionals worldwide found that the most commonly cited reason is a lack of qualified resources, specifically people, skills and/or auditing tools.
The company's Andrew Struthers-Kennedy commented: “Planning for cybersecurity not only helps with risk management, but also helps address gaps that can come from digitalisation. As more businesses accelerate the pace of technology transformation and increase their reliance on third-party vendors as part of their digital transformation efforts, the number and severity of cybersecurity risks is increasing.”
Top tech challenges
What were the main technology challenges for IT audit leaders and professionals? The survey showed the following were the main problems they face – with IT security and privacy at the top:
- IT security and privacy/cybersecurity;
- infrastructure management;
- emerging technology and infrastructure changes – transformation, innovation, disruption;
- resource/staffing/skills challenges;
- regulatory compliance;
- budgets and controlling costs;
- Cloud computing/virtualisation;
- third-party/vendor management;
- project management and change management; and
- data management and governance.
GDPR – consider all your data
Effective data management and protection of company data across the organisation is one of the key challenges companies face in the run-up to 25 May, when the EU’s General Data Protection Regulation (GDPR) will come into force. Struthers-Kennedy adds: “With regulators beginning to look more closely at the security and management of organizational data, we encourage IT audit teams to be aware of all data that an organization processes, where it resides and how it’s being protected. While the increase in data capture and processing activities offers opportunities for enhanced business insight and competitive advantage, it also adds significant risk and therefore data protection needs to be prioritized.”