Most IT audit plans for 2018 take the challenge of cybersecurity into account but, according to a recent study, as many as a fifth of organisations are not including cybersecurity in their IT audit plans. Protiviti's survey of more than 1,300 senior audit professionals worldwide found that the most commonly cited reason is a lack of qualified resources, specifically people, skills and/or auditing tools.

The company's Andrew Struthers-Kennedy commented: “Planning for cybersecurity not only helps with risk management, but also helps address gaps that can come from digitalisation. As more businesses accelerate the pace of technology transformation and increase their reliance on third-party vendors as part of their digital transformation efforts, the number and severity of cybersecurity risks is increasing.”

Top tech challenges

What were the main technology challenges for IT audit leaders and professionals? The survey showed the following were the main problems they face – with IT security and privacy at the top:

1. IT security and privacy/cybersecurity;
2. infrastructure management;
3. emerging technology and infrastructure changes – transformation, innovation, disruption;
4. resource/staffing/skills challenges;
5. regulatory compliance;
6. budgets and controlling costs;
7. Cloud computing/virtualisation;
8. third-party/vendor management;
9. project management and change management; and
10. data management and governance.

GDPR – consider all your data

The importance of effective data management and protection of company data across the organisation is one of the key challenges companies face in the run up to 25 May, when the EU’s General Data Protection Regulation (GDPR) will come into force. Struthers-Kennedy adds: “With regulators beginning to look more closely at the security and management of organizational data, we encourage IT audit teams to be aware of all data that an organization processes, where it resides and how it’s being protected. While the increase in data capture and processing activities offers opportunities for enhanced business insight and competitive advantage, it also adds significant risk and therefore data protection needs to be prioritized.”