In today’s environment, companies of all sizes face a myriad of risks and threats. More and more, the most pressing risks that companies face are related to technology. To protect against these risks, management is relying more heavily on the internal audit function to ensure the risks are identified and proper mitigation steps have been implemented. A report recently released by the Institute of Internal Auditors (IIA), Navigating Technology’s Top 10 Risks, provides key insights into how the internal audit function can help companies mitigate these risks. To help our clients, prospects and others understand the benefit that internal audit can offer in the process, we have provided a summary of top risks below.
The survey of chief audit executives and IT specialists included companies of various sizes.. These were the concerns of the group as a whole:
- Cybersecurity – This was identified as the area of greatest concern for survey participants. The possibility of having so-called “secure” networks infiltrated and sensitive financial or other personal customer information stolen is on almost everyone’s mind. In fact, more than 70% of respondents consider the risk of a breach as extensive or moderate. There are a number of steps internal audit can take to remediate such risks, including vulnerability scans and penetration testing, crisis management simulation exercises and an audit of the IT architecture to ensure compliance with company policies.
- Information Security – The trend is for companies not only to invest in protecting the perimeter of their network and other information-sharing systems, but also implementing protective measures internally. The approach known as “layered security protection” provides controls should the perimeter defenses suffer a breach in security. Steps that internal audit can take to help include vulnerability scans of the internal network, access control point security, back-up testing and recording of privileged users’ activities.
- IT Governance – As technology becomes more complex, so does the need for a company to invest in technology. With the high price tag associated with many IT projects, companies are now focusing on IT governance to ensure the expenditures made will provide the anticipated value for the organization. Internal audit can perform audits to ensure the company’s IT function aligns with strategic priorities and assess the effectiveness of IT’s performance management.
- IT Skills among Internal Auditors – The number of internal audit professionals who specialize in IT is quite low. In fact, only 10% of survey respondents indicate they specialize in or have significant IT skills. Given the continuous shift of corporate threats to the IT arena, it’s absolutely critical to have as many internal audit professionals with IT skills as possible. Steps to address this issue include providing additional IT training to internal audit staff, continuing to hire IT-experienced internal auditors and working closely with IT to help them understand the company’s strategic priorities and resulting organizational risks.
The IIA survey accurately outlines the changes that internal audit needs to make to stay on top of emerging technology risks. Many times companies look to outsourced vendors to bring in the specialized IT audit knowledge needed to assess and manage risk. Barnes Dennig works with companies across Ohio and Kentucky to help them accomplish these objectives. If you would like additional information on our IT security or internal audit services, call us at 513-241-8313, or click here to email us. We look forward to speaking with you soon.