Organizations’ concerns about cyber security, privacy, cloud, and technology resilience are fueled by changing business priorities, remote work, and accelerated deployment of new technologies, according to report.
Top 10 IT audit risks for 2021 include cyber breaches, confidentiality and privacy, regulatory compliance, user access, security incident management, disaster recovery, and data governance.
Digital leaders perform more frequent technology audit risk assessments, driven by more agile ways of working and more integration and use of data and technology.
Organizations’ concerns about cyber security, privacy, cloud computing, and technology resilience are being further fueled by shifting business priorities, the pandemic-induced remote work environment, and accelerated deployment of new technologies.
That’s one of the key findings of a recent report by global consulting firm Protiviti. The study, IT Audit Perspectives: Top Technology Risks in 2021, was conducted in partnership with professional technology association ISACA and is based on a survey conducted in September and October 2020 of more than 7,400 IT audit leaders across a range of industries worldwide.
The report identified the top 10 IT audit risks for 2021, based on survey responses: Cyber breach, confidentiality and privacy, regulatory compliance, user access, security incident management, disaster recovery, data governance, third-party risk, remote workplace infrastructure, and availability risk.
The researchers noted that IT audit groups, especially those in more digitally mature organizations, are using more dynamic and real-time approaches to technology risk assessment. This enables them to be more agile and responsive to the rapidly evolving risk landscape, driven in no small part by pandemic-related challenges.
The “digital leaders,” those organizations that have innovative and disruptive qualities and a proven track record of delivering on digital and innovation initiatives and effective adoption of emerging technologies, look at risks differently than do organizations with lower levels of digital transformation maturity.
The survey showed that digital leaders stand out by performing more frequent technology audit risk assessments, driven by more agile ways of working and more integration and use of data and technology. Unfortunately, a majority of organizations (67%) do not classify themselves as digital leaders, and 11% of those non-leaders are not conducting any form of technology risk assessment at all.
For the most part, the top 10 technology risks for digital leaders and other companies were the same, the study said, but risk indexes trended higher for digital leaders. This is likely due to several factors, it said, including the generally more complex technology environments of these organizations and their more extensive use of advanced technologies such as intelligent automation, Internet of Things (IoT), artificial intelligence (AI) and machine learning (ML).
Another factor affecting higher risk is the level of data and technology employed by digital leaders to support their enhanced customer engagement, operational performance, and digitization of products and services.
A notable difference between digital leaders and other organizations is that cloud strategy and adoption was a top 10 risk for digital leaders but not for other organizations. That’s because digital leaders were more likely to include cloud technologies in the delivery of business services and in their longer-term planning and strategy.
In general, most organizations seem to be aware of the importance of measuring technology risk. Nearly two thirds of all organizations surveyed (61%) said they are now identifying and assessing technology risks for the purpose of audit planning, as part of the overall internal audit risk assessment process. The flip side is that 39% of the organizations are not specifically assessing technology risks in the development of audit plans, which is a concern.
Companies need visibility to effectively identify and evaluate risks, noted Andrew Struthers-Kennedy, a managing director at Protiviti and leader of the IT Audit practice. The sudden shift to remote work and the broader disruption experienced by many users has shown the importance of identifying and assessing technology risks on a more dynamic and frequent basis, he said.
Cyber security is a major concern among organizations, regardless of their industry or geographic location. In fact, IT audit professionals based in North America, Africa, Asia, Europe, the Middle East, and Oceania all ranked cyber breaches as their top concern. Nearly 80% of the respondents worldwide said they plan to address that risk in their 2021 audit plans.
Security, along with privacy and resilient technologies dominate the top technology risks, the report said. These issues, which already were high priority risks for most organizations, have been heightened by the pandemic, remote work, and new business processes, it said. Also impacting views on risk are increasing connectivity via IoT.