4 Internal Audit Risk Areas to Watch in 2019

  • December 20, 2018
  • Quantivate

Data & IT Issues Emerge as Top Concerns
for Internal Audit Professionals

Is your internal audit team prepared?

With 2019 looming, now’s the time to start planning for an effective audit cycle. Gartner’s annual “Audit Plan Hot Spots” report finds that the growing strategic importance of data is a critical emerging risk area for heads of internal audit in 2019. ¹

Internal Audit Risk Areas

In its 2019 report, Gartner identifies the top data and analytics risks that will concern audit executives in 2019. ² “Cybersecurity, data governance, third parties and data privacy top the list of risks for which heads of audit will need to provide assurance,” offered Malcolm Murray, vice president of audit research at Gartner. ¹

  1. Cybersecurity
  2. Data Governance
  3. Third Parties
  4. Data Privacy

“Companies face major challenges in applying proper data governance, maximizing the value they get from data, and complying with the fragmented data regulation landscape,” Murray explained. “Recent high-profile data breaches and increased public attention have raised the stakes for organizational accountability, and it’s only going to get tougher in 2019.” ²


Let’s take a closer look at two risk categories:

1. Cyber Risk
Recent research says:

In our recent breakdown of the state of cybersecurity, we cited some eye-opening research from a recent cyber and data security survey:

  • Nearly 60% of executives ranked cybersecurity as one of their top five risks.
  • More than 75% of executives reported that their organizations either had no method to measure cyber risk (49%) or they didn’t know if their organization measured risk exposure (27%).
  • Only 18% have a cybersecurity incident response plan.

  Read more about cybersecurity risks and best practices.

What you can do about it:

No organization is immune to the rising threat of cyber attacks. But you can take steps to identify threats and reduce risk with effective IT risk management.

If your business is one of the majority that doesn’t measure cyber risk, get your organization started on the right path with a risk assessment. A complete risk profile will help you pinpoint any issues related to compliance, security, and other risk factors that may come up in an audit. It will also help your team connect risks to potential financial impacts for more strategic decision-making and resource allocation.

2. Third-Party Risk
Recent research says:

Third-party relationships, especially poorly managed ones, can significantly compound organizational risk—which is why it’s important to maintain visibility into all vendor and third-party partnerships.

However, a 2017 third-party risk report found that:

  • 57% of organizations surveyed don’t keep an inventory of all the third parties with which they share sensitive information.
  • 60% felt underprepared to perform due diligence on their vendors.

Gartner found that “nearly 70% of chief audit executives reported third-party risk as one of their top concerns, but organizations still struggle to manage this risk.” ³

What you can do about it:

Conduct an inventory of the vendors and other third parties that have access to your organization’s sensitive data.

This is a foundational component of your broader vendor-related audit preparation. Other proactive steps to take include:

  • Classifying vendors by criticality
  • Maintaining updated vendor profiles
  • Keeping historical financial data on vendors
  • Conducting performance reviews

Looking for more tips? Get a jumpstart on your vendor-related audit activities with our Vendor Management Audit Readiness Checklist.

How Quantivate Can Help

Quantivate’s Internal Audit Software is designed to help organizations streamline their audit processes and reduce risk with:

  • a consistent audit framework that adapts to your organization’s processes
  • built-in tools for audit plan creation, document storage, and risk assessment
  • audit status and history tracking
  • and more

Plus, because all of Quantivate’s software modules integrate with each other, you can also take advantage of solutions such as IT Risk Management and Vendor Management to make your internal audits even more effective.

See how our GRC software platform works for yourself — request a free, personalized demo today.

¹ Gartner, Smarter with Gartner, “Data-Related issues Feature Among Top 2019 Risks for Internal Audit,” 15 November 2018, https://www.gartner.com/smarterwithgartner/data-related-issues-feature-among-top-2019-risks-for-internal-audit/ ¹

² Gartner Press Release, “Gartner Says Data and Analytics Risks Are Audit Executives’ Prime Concerns for 2019,” 25 October 2018, https://www.gartner.com/en/newsroom/press-releases/2018-10-25-gartner-says-data-and-analytics-risks-are-audit-executives-prime-concerns-for-2019

³ Gartner, Smarter with Gartner, “Actions for Internal Audit on Cybersecurity, Data Risks,” 28 November 2018, https://www.gartner.com/smarterwithgartner/actions-for-internal-audit-on-cybersecurity-data-risks/

Stay up to date with the latest news, compliance alerts, and thought leadership for banks and credit unions: