TOP TECHNOLOGY CHALLENGES AND THE RELATIONSHIP … Technology Challen… · TOP TECHNOLOGY...

TOP TECHNOLOGY CHALLENGES AND THE RELATIONSHIP TO THE AUDIT PLAN

ISACA/Protiviti 6th Annual IT Audit Benchmarking Survey

April 2017

TODAY’S SPEAKER

2

Gordon is a Managing Director at Protiviti where he leads the

Kansas City office and the global IT audit practice. For over

seventeen years, Gordon has been providing risk consulting

services across several industries. He is an active leader of

Protiviti’s central region internal audit practice and has a

particular focus on assisting clients with the assessment and

management of business risks associated with the deployment

and maintenance of technology. Gordon has served as an

engagement leader on multiple outsourced and co-sourced

internal audit engagements. Gordon received his BA from the

University of Notre Dame and his MBA from the University of

Chicago Booth School of Business.

[email protected]

Gordon

Braun

OUR JOINT STUDY

3

6th Annual IT Audit Benchmarking Survey

• The IT audit function has never held a more crucial

role. From substantial cybersecurity, privacy and

infrastructure challenges and management issues

to the implementation of new technologies in the

organization, IT auditors work closely with

management and the board of directors to fulfill a

vital role in helping maintain an effective control

environment amid a changing business climate and

dynamic global marketplace.

• The results of the latest IT Audit Benchmarking

Study from ISACA and Protiviti illustrate the

increasingly integrated role IT audit leaders and

professionals are assuming in regard to technology

initiatives in their organizations.

AGENDA FOR TODAY

4

ISACA and Protiviti partnered to conduct the sixth annual IT Audit

Benchmarking Survey in the third quarter of 2016.1

This global survey, conducted online, consisted of a series of

questions covering five categories: 2

• Today’s Top Technology Challenges

• Audit’s Involvement in IT Implementation Projects

• IT Audit in Relation to the Internal Audit Department

• Assessing IT Risks

• Audit Plan

• Skills and Capabilities

AGENDA FOR TODAY

5

More than 1,000 executives and professionals, including chief audit

executives as well as IT audit vice presidents and directors,

completed the online questionnaire.3

Today we will discuss:4

• Key findings from the 6th Annual IT Audit Benchmarking Survey

• The top 10 technology challenges surfaced by the benchmarking

participants

• How do these technology challenges relate to the internal audit plan?

• What are some of the best practices we see leading internal audit

organizations employing to drive value?

KEY FINDINGS FROM THE IT AUDIT BENCHMARKING SURVEY

KEY FINDING #1 – CYBERSECURITY

7

This has been a highly ranked challenge in our prior years’ surveys, but still has increased in the importance and clearly is the top-of-mind concern for IT audit leaders and professionals. These results are consistent with the results of Protiviti’s annual survey of technology leaders, which show that IT security and incident response capabilities dominates the priority lists for CIOs.

CYBERSECURITY IS VIEWED AS THE TOP TECHNOLOGY

CHALLENGE

01

KEY FINDING #2 – EXECUTIVE-LEVEL INTEREST

8

A majority of IT audit leaders are regularly attending audit committee meetings, and many more are reporting directly to the CEO (though this reporting relationship may not be ideal). There also is more audit committee involvement in the IT audit risk assessment process.

THERE APPEARS TO BE MORE EXECUTIVE-LEVEL INTEREST IN

IT AUDIT

02

KEY FINDING #3 – CAE LEADERSHIP

9

CAEs are becoming increasingly IT-literate and appear to be taking on the daily management and leadership of the IT audit function, especially given technology’s importance and risk level in most organizations. This is a positive trend as it provides the IT audit function and responsibilities with greater visibility.

MORE CAES ARE BEGINNING TO CARRY LEADERSHIP FOR IT

AUDIT DIRECTLY

03

KEY FINDING #4 – KEY TECHNOLOGY PROJECTS

10

While it is encouraging to find some involvement in the early stages of a project such as planning and design, IT audit functions are more frequently involved post-implementation. Given that a strong majority of organizations have implemented a new IT system or application within the past three years, there likely are opportunities for IT audit to become more involved earlier on with these initiatives.

MOST IT AUDIT SHOPS HAVE SIGNIFICANT OR MODERATE LEVEL

INVOLVEMENT IN KEY TECHNOLOGY PROJECTS

04

KEY FINDING #5 – IT AUDIT RISK ASSESSMENTS

11

Considering the growing risk landscape resulting from cybersecurity threats and merging technologies, more organizations should consider an approach that includes continually reviewing the IT risk landscape and adjusting IT audit plans accordingly.

MOST PERFORM IT AUDIT RISK ASSESSMENTS, THOUGH A

MAJORITY DO SO ANNUALLY OR LESS FREQUENTLY

05

TOP TECHNOLOGY CHALLENGES AND THE RELATIONSHIP TO THE AUDIT PLAN

TODAY’S TOP TECHNOLOGY CHALLENGES

13

IT security and privacy/cybersecurity01

Regulatory compliance05

Emerging technology and

infrastructure changes –

transformation, innovation, disruption03

Resource/staffing/skills challenges04

Budgets and controlling costs06

Cloud computing/virtualization07

Third-party/vendor management10

Bridging IT and the business08

Project management and change

management09

Infrastructure management02


14

IT SECURITY AND PRIVACY/CYBERSECURITY

PRIOR YEAR RANK: #2

HOW DOES THIS IMPACT THE AUDIT PLAN?

The global risks in this area have never been higher, and the

magnitude is almost certain to intensify in the months and years

to come.

Cybercriminal activity against global companies surged in the past

year, and there are growing signs suggesting that a form of global

cyberwar has commenced.

01


15

INFRASTRUCTURE MANAGEMENT

PRIOR YEAR RANK: #4


IT infrastructure management has become a major challenge for

organizations, particularly those that have aging cores of outdated

information systems.

A growing number of these organizations are electing to

modernize their aging cores to achieve both increased agility and

significant long-term savings in costs and resources.

02


16

EMERGING TECHNOLOGY AND

INFRASTRUCTURE CHANGES –

TRANSFORMATION, INNOVATION, DISRUPTION

PRIOR YEAR RANK: #1


The most common drivers of transformational initiatives often

include new functionality, cost optimization, operational

improvement, adoption of emerging technology, and alignment

between the IT organization and the business.

It is important to understand IT transformation obstacles in the

context of the unique challenges for your organization and

industry.

03


17

RESOURCE/STAFFING/SKILLS CHALLENGES

PRIOR YEAR RANK: #3


In today’s market, it’s a challenge to find qualified and

experienced IT auditors, and talent levels are below where many

organizations want them to be.

Not only was this noted by respondents as one of today’s top IT

challenges, this is supported in numerous results within the

survey.

04


18

REGULATORY COMPLIANCE

PRIOR YEAR RANK: #9


Increasing, and increasingly sophisticated, cyberattacks will likely

result in more regulations and oversight, as governments and

regulatory authorities seek to bolster protections of consumer and

organizational data.

This is especially an issue for organizations in highly regulated

industries.

05


19

BUDGETS AND CONTROLLING COSTS

PRIOR YEAR RANK: #10


IT budgets are rising.

Investments in running IT operations and maintaining technology

through the business consume large portions of IT budgets, often

followed by investments in improvements and innovation, security

and compliance.

06


20

CLOUD COMPUTING/VIRTUALIZATION

PRIOR YEAR RANK: #5


Cloud adoption and virtualization will continue to take place in the

coming years.

The widespread adoption of infrastructure as a service, software

as a service and platform as a service will require significant

planning and changes.

07


21

BRIDGING IT AND THE BUSINESS

PRIOR YEAR RANK: #6


Technology risk is a significant component of critical enterprise

risks. It is important that internal audit understand the technology-

related risks that present threats to the business model.

Audit should follow these developments closely because of the

potential audit and disclosure implications they may have.

08


22

PROJECT MANAGEMENT AND CHANGE

MANAGEMENT

PRIOR YEAR RANK: #7


In organizations today, there is a growing number of critical

initiatives underway as they undergo the types of IT

transformation, cloud, digitization and big data projects.

However, there are significant roadblocks, both technological

(legacy systems and processes) and cultural (change

management problems and skills gaps) in nature.

09


23

THIRD-PARTY/VENDOR MANAGEMENT

PRIOR YEAR RANK: NA


Organizations that rely on IT service providers have found that

they must increase the maturity of their vendor management

processes.

Managing infrastructure is changing as operations and services

shift to the cloud.

10

ARE THESE TOP TECHNOLOGY CHALLENGES ADDRESSED IN THE AUDIT PLAN?

24

IT security and privacy/cybersecurity01

Regulatory compliance05

Emerging technology and

infrastructure changes –

transformation, innovation, disruption03

Resource/staffing/skills challenges04

Budgets and controlling costs06

Cloud computing/virtualization07

Third-party/vendor management10

Bridging IT and the business08

Project management and change

management09

Infrastructure management02

QUESTIONS?

25

THANK YOU

26

Visit www.protiviti.com/itauditsurvey to

download the publication.

Gordon Braun, Managing Director

913.661.7406

[email protected]

http://www.protiviti.com/itauditsurvey

Date post:	12-Apr-2018
Category:	Documents
Upload:	ngonhu
View:	218 times
Download:	4 times

TOP TECHNOLOGY CHALLENGES AND THE RELATIONSHIP … Technology Challen… · TOP TECHNOLOGY...

Documents