Every year, the Gartner team speaks to its internal audit clients to identify what the auditing hotspots for the year are. Primarily discussed as main areas of concerns, this regular survey of 144 chief audit executives takes it a step further. A clear picture is emerging – one that shows the far-reaching impact of digitalisation on the risk landscape.
According to Gartner, the 12 hotspots that are keeping auditors up at night include:
- Cybersecurity Preparedness
- Data Governance
- Third Parties
- Data Privacy
- Ethics & Integrity
- Operational Resilience
- Cloud Computing
- Digital Business Transformation
- Regulatory Uncertainty
- Strategic Workforce Planning
- Acquisition Integration
- Trade and Tariffs
Since 2015, these topics have been evolving year-on-year, taking a much stronger footing in digital transformation within our economy. 8 of the 12 hot spots for 2019 are associated with the ongoing digitalisation of businesses, governments and society. One big concern for this year for internal auditors surrounds the area of data and analytics.
Data breaching headaches
“Organisations of all types have exponentially increased the amount of data they collect and use at a time when public and regulatory scrutiny is very high, and the regulatory landscape is neither globally consistent nor stable. This creates major challenges in applying proper data governance, maximising the value extracted from data, and complying with regulation,” says Malcolm Murray, vice president and fellow at Gartner.
Some of the biggest victims of data breaches in 2018 included T-Mobile, Quora, Google, and Orbitz. Facebook dealt with a slew of major breaches and incidents that affected more than 100 million users of the popular social network. And the list goes on. Other companies that fell foul to data privacy breaches include Marriott Hotels (500 million users), British Airways (380,000 users affected), Saks & Lord Taylor (5 million users affected), Cathay Pacific Airways (9.4million users affected), Timehop (21 million users affected).
Preparing for threats to Cybersecurity
Set aside the actual collection and processing of data, part and parcel of one of the most contentious issues facing internal auditors today is an organisation’s ability to be prepared for cybersecurity threats.
“Aside from the complexities of collecting and managing data, the technological capabilities involved create a vastly expanded range of cybersecurity threats and much greater dependence on platforms delivered through third (or fourth, or fifth!) parties, often using cloud computing. organisations are struggling to keep up with documenting and identifying all possible sources of risk,” Malcolm continues to add.
Interestingly enough, for the first time since this survey started, Ethics & Integrity have appeared as concerns for internal auditors – being driven both by a digital upsweep in algorithmic decision-making, but also by the fact organisations are being held to higher account now, being driven by societal trends, rather than a simple compliance to regulatory standards. Take, for example, the Cambridge Analytica scandal. The public outrage was so fierce that governments were forced to act calling Facebook, and other involved parties, to explain themselves.
Where geopolitical instability and climate change appeared on the agenda of most worrying topics for internal auditors in 2015, 2019 is driven by a digital tide, that is so closely interwoven with an organisation’s operational resilience to be able to withstand and uphold critical business operations.
The tide is changing business. Business is changing perception. Compliance is changing and Auditors are fast-pressed to keep themselves at the forefront of transformation.
That’s why CFPro, as a chosen partner to many auditing teams, is focussed on business transformation. Getting stuck into our client’s day-to-day while helping them reach tomorrow, gives us a unique perspective on the challenges, trends and innovations that are emerging – enabling us to work alongside auditing teams in a fast-evolving business landscape.
Want to understand how we can help your auditing team? Get in touch with us today.