Data & IT Issues Emerge as Top Concerns
for Internal Audit Professionals
Is your internal audit team prepared?
With 2019 looming, now’s the time to start planning for an effective audit cycle. Gartner’s annual “Audit Plan Hot Spots” report finds that the growing strategic importance of data is a critical emerging risk area for heads of internal audit in 2019. ¹
In its 2019 report, Gartner identifies the top data and analytics risks that will concern audit executives in 2019. ² “Cybersecurity, data governance, third parties and data privacy top the list of risks for which heads of audit will need to provide assurance,” offered Malcolm Murray, vice president of audit research at Gartner. ¹
“Companies face major challenges in applying proper data governance, maximizing the value they get from data, and complying with the fragmented data regulation landscape,” Murray explained. “Recent high-profile data breaches and increased public attention have raised the stakes for organizational accountability, and it’s only going to get tougher in 2019.” ²
Let’s take a closer look at two risk categories:
In our recent breakdown of the state of cybersecurity, we cited some eye-opening research from a recent cyber and data security survey:
No organization is immune to the rising threat of cyber attacks. But you can take steps to identify threats and reduce risk with effective IT risk management.
If your business is one of the majority that doesn’t measure cyber risk, get your organization started on the right path with a risk assessment. A complete risk profile will help you pinpoint any issues related to compliance, security, and other risk factors that may come up in an audit. It will also help your team connect risks to potential financial impacts for more strategic decision-making and resource allocation.
Third-party relationships, especially poorly managed ones, can significantly compound organizational risk—which is why it’s important to maintain visibility into all vendor and third-party partnerships.
However, a 2017 third-party risk report found that:
Gartner found that “nearly 70% of chief audit executives reported third-party risk as one of their top concerns, but organizations still struggle to manage this risk.” ³
Conduct an inventory of the vendors and other third parties that have access to your organization’s sensitive data.
This is a foundational component of your broader vendor-related audit preparation. Other proactive steps to take include:
Looking for more tips? Get a jumpstart on your vendor-related audit activities with our Vendor Management Audit Readiness Checklist.
Quantivate’s Internal Audit Software is designed to help organizations streamline their audit processes and reduce risk with:
Plus, because all of Quantivate’s software modules integrate with each other, you can also take advantage of solutions such as IT Risk Management and Vendor Management to make your internal audits even more effective.
¹ Gartner, Smarter with Gartner, “Data-Related issues Feature Among Top 2019 Risks for Internal Audit,” 15 November 2018, https://www.gartner.com/smarterwithgartner/data-related-issues-feature-among-top-2019-risks-for-internal-audit/ ¹
² Gartner Press Release, “Gartner Says Data and Analytics Risks Are Audit Executives’ Prime Concerns for 2019,” 25 October 2018, https://www.gartner.com/en/newsroom/press-releases/2018-10-25-gartner-says-data-and-analytics-risks-are-audit-executives-prime-concerns-for-2019
³ Gartner, Smarter with Gartner, “Actions for Internal Audit on Cybersecurity, Data Risks,” 28 November 2018, https://www.gartner.com/smarterwithgartner/actions-for-internal-audit-on-cybersecurity-data-risks/