Cyber security holds top spot in IT audit risk list


A survey commissioned by Protiviti and ISACA revealed cyber security holds the top spot on the IT audit risk list, while privacy and data, as well as regulatory compliance, also rank highly.

“War-related cyber attacks are on the rise, the surge of sophisticated ransomware attacks is ongoing and remote work continues to subject many organizations to new cyber security risks,” stated Proviti.

Even so, the survey showed that one-fifth of organizations don't anticipate cyber security risks to be addressed in their 2022 audit plans.

"Given the increasingly complex and rapidly changing technology risk landscape we're in, it's imperative for IT audit leaders to understand they are responsible for maintaining a holistic view of IT risks impacting the entire organization," commented Angelo Poulikakos, managing director and global leader of Protiviti's technology audit practice.

"This requires tech-enablement from an audit standpoint and regular calibration of risk assessments to suit the current environment, rather than 'rinsing and repeating' the work from previous years."

The top risks highlighted in the survey emphasize the vital but sensitive role that data plays in organizations today, with respondents voicing concerns about how data is gathered, controlled, and secured.


Nine steps to IT audit readiness

How technology can help win back your time and reduce IT risk


"With a global focus on data regulation, it may be easy to view data solely through a lens of compliance," said Paul Phillips, ISACA director of event content development and risk professional practice lead.

"However, consumer concern with how their data are used and stored and other operational matters that can quickly become reputational matters must not be discounted. As IT auditors assess risk and evaluate controls associated with data, the tremendous organizational value (and responsibility) of data and the importance of trust should always be top of mind," added Phillips.