Cybersecurity and data management top concerns for IT auditors

In an unsurprising result, IT security, privacy and cybersecurity remain the top challenges for chief audit executives, internal audit professionals and IT audit vice presidents and directors worldwide, with data management and governance and emerging technology and infrastructure changes close behind, according to the International Systems Audit and Control Association (ISACA) and Proviti’s latest study.

“As much as organisations are focusing on cybersecurity and protecting their data, they’re still behind given the changing landscape, growing sophistication of cybercriminals, evolving regulatory requirements such as GDPR and persistent gaps and process breakdowns that emerge as part of their ongoing transformation projects,” Proviti Managing Director Andrew Struthers-Kennedy said.

“The bottom line is IT audit cannot let its guard down.”

In particular, data management and governance has garnered increased attention over the past year, with respondents recognising it as the second most critical challenge for their organisations, a significant jump from its number 10 spot in last year’s Global IT Audit Benchmarking Study.

“There is considerable room for improvement in terms of the structure, quality and accuracy of the data available in most organisations. When an organisation reaches higher levels of maturity related to data management and governance, it’s much more adept at not only avoiding downside risks but also taking advantage of the opportunities for using data as an enterprise-enabled and competitive differentiator,” Struthers-Kennedy said.

To help bolster organisations’ IT governance, risk management, information security and strategies, IT auditors are becoming more involved in key IT department committees, ISACA Technical Research Manager Robert Lyons said.

“As these two groups work together, risk management becomes a shared, real-time effort that reduces guesswork by IT audit as to which project challenges and risks truly exist.”

Predictably, staffing and skills challenges also came in the top five concerns, with 32% of respondents with revenues ranging from US $100 million to $1 billion saying they are unable to address specific areas of their annual IT audit plan due to a lack of resources and skills.

The top five skills currently in demand are: ‘expertise in advanced and enabling technologies’, ‘critical thinking’, ‘data science’, ‘agile methodology’ and ‘communications expertise’, according to the study.

Image credit: ©stock.adobe.com/au/Jakub Jirsák