TOP TECHNOLOGY CHALLENGES AND THE RELATIONSHIP TO THE AUDIT PLAN
ISACA/Protiviti 6th Annual IT Audit Benchmarking Survey
April 2017
TODAY’S SPEAKER
2
Gordon is a Managing Director at Protiviti where he leads the
Kansas City office and the global IT audit practice. For over
seventeen years, Gordon has been providing risk consulting
services across several industries. He is an active leader of
Protiviti’s central region internal audit practice and has a
particular focus on assisting clients with the assessment and
management of business risks associated with the deployment
and maintenance of technology. Gordon has served as an
engagement leader on multiple outsourced and co-sourced
internal audit engagements. Gordon received his BA from the
University of Notre Dame and his MBA from the University of
Chicago Booth School of Business.
Gordon
Braun
OUR JOINT STUDY
3
6th Annual IT Audit Benchmarking Survey
• The IT audit function has never held a more crucial
role. From substantial cybersecurity, privacy and
infrastructure challenges and management issues
to the implementation of new technologies in the
organization, IT auditors work closely with
management and the board of directors to fulfill a
vital role in helping maintain an effective control
environment amid a changing business climate and
dynamic global marketplace.
• The results of the latest IT Audit Benchmarking
Study from ISACA and Protiviti illustrate the
increasingly integrated role IT audit leaders and
professionals are assuming in regard to technology
initiatives in their organizations.
AGENDA FOR TODAY
4
ISACA and Protiviti partnered to conduct the sixth annual IT Audit
Benchmarking Survey in the third quarter of 2016.1
This global survey, conducted online, consisted of a series of
questions covering five categories: 2
• Today’s Top Technology Challenges
• Audit’s Involvement in IT Implementation Projects
• IT Audit in Relation to the Internal Audit Department
• Assessing IT Risks
• Audit Plan
• Skills and Capabilities
AGENDA FOR TODAY
5
More than 1,000 executives and professionals, including chief audit
executives as well as IT audit vice presidents and directors,
completed the online questionnaire.3
Today we will discuss:4
• Key findings from the 6th Annual IT Audit Benchmarking Survey
• The top 10 technology challenges surfaced by the benchmarking
participants
• How do these technology challenges relate to the internal audit plan?
• What are some of the best practices we see leading internal audit
organizations employing to drive value?
KEY FINDINGS FROM THE IT AUDIT BENCHMARKING SURVEY
KEY FINDING #1 – CYBERSECURITY
7
This has been a highly ranked challenge in our prior years’ surveys, but still has increased in the importance and clearly is the top-of-mind concern for IT audit leaders and professionals. These results are consistent with the results of Protiviti’s annual survey of technology leaders, which show that IT security and incident response capabilities dominates the priority lists for CIOs.
CYBERSECURITY IS VIEWED AS THE TOP TECHNOLOGY
CHALLENGE
01
KEY FINDING #2 – EXECUTIVE-LEVEL INTEREST
8
A majority of IT audit leaders are regularly attending audit committee meetings, and many more are reporting directly to the CEO (though this reporting relationship may not be ideal). There also is more audit committee involvement in the IT audit risk assessment process.
THERE APPEARS TO BE MORE EXECUTIVE-LEVEL INTEREST IN
IT AUDIT
02
KEY FINDING #3 – CAE LEADERSHIP
9
CAEs are becoming increasingly IT-literate and appear to be taking on the daily management and leadership of the IT audit function, especially given technology’s importance and risk level in most organizations. This is a positive trend as it provides the IT audit function and responsibilities with greater visibility.
MORE CAES ARE BEGINNING TO CARRY LEADERSHIP FOR IT
AUDIT DIRECTLY
03
KEY FINDING #4 – KEY TECHNOLOGY PROJECTS
10
While it is encouraging to find some involvement in the early stages of a project such as planning and design, IT audit functions are more frequently involved post-implementation. Given that a strong majority of organizations have implemented a new IT system or application within the past three years, there likely are opportunities for IT audit to become more involved earlier on with these initiatives.
MOST IT AUDIT SHOPS HAVE SIGNIFICANT OR MODERATE LEVEL
INVOLVEMENT IN KEY TECHNOLOGY PROJECTS
04
KEY FINDING #5 – IT AUDIT RISK ASSESSMENTS
11
Considering the growing risk landscape resulting from cybersecurity threats and merging technologies, more organizations should consider an approach that includes continually reviewing the IT risk landscape and adjusting IT audit plans accordingly.
MOST PERFORM IT AUDIT RISK ASSESSMENTS, THOUGH A
MAJORITY DO SO ANNUALLY OR LESS FREQUENTLY
05
TOP TECHNOLOGY CHALLENGES AND THE RELATIONSHIP TO THE AUDIT PLAN
TODAY’S TOP TECHNOLOGY CHALLENGES
13
IT security and privacy/cybersecurity01
Regulatory compliance05
Emerging technology and
infrastructure changes –
transformation, innovation, disruption03
Resource/staffing/skills challenges04
Budgets and controlling costs06
Cloud computing/virtualization07
Third-party/vendor management10
Bridging IT and the business08
Project management and change
management09
Infrastructure management02
TODAY’S TOP TECHNOLOGY CHALLENGES
14
IT SECURITY AND PRIVACY/CYBERSECURITY
PRIOR YEAR RANK: #2
HOW DOES THIS IMPACT THE AUDIT PLAN?
The global risks in this area have never been higher, and the
magnitude is almost certain to intensify in the months and years
to come.
Cybercriminal activity against global companies surged in the past
year, and there are growing signs suggesting that a form of global
cyberwar has commenced.
01
TODAY’S TOP TECHNOLOGY CHALLENGES
15
INFRASTRUCTURE MANAGEMENT
PRIOR YEAR RANK: #4
HOW DOES THIS IMPACT THE AUDIT PLAN?
IT infrastructure management has become a major challenge for
organizations, particularly those that have aging cores of outdated
information systems.
A growing number of these organizations are electing to
modernize their aging cores to achieve both increased agility and
significant long-term savings in costs and resources.
02
TODAY’S TOP TECHNOLOGY CHALLENGES
16
EMERGING TECHNOLOGY AND
INFRASTRUCTURE CHANGES –
TRANSFORMATION, INNOVATION, DISRUPTION
PRIOR YEAR RANK: #1
HOW DOES THIS IMPACT THE AUDIT PLAN?
The most common drivers of transformational initiatives often
include new functionality, cost optimization, operational
improvement, adoption of emerging technology, and alignment
between the IT organization and the business.
It is important to understand IT transformation obstacles in the
context of the unique challenges for your organization and
industry.
03
TODAY’S TOP TECHNOLOGY CHALLENGES
17
RESOURCE/STAFFING/SKILLS CHALLENGES
PRIOR YEAR RANK: #3
HOW DOES THIS IMPACT THE AUDIT PLAN?
In today’s market, it’s a challenge to find qualified and
experienced IT auditors, and talent levels are below where many
organizations want them to be.
Not only was this noted by respondents as one of today’s top IT
challenges, this is supported in numerous results within the
survey.
04
TODAY’S TOP TECHNOLOGY CHALLENGES
18
REGULATORY COMPLIANCE
PRIOR YEAR RANK: #9
HOW DOES THIS IMPACT THE AUDIT PLAN?
Increasing, and increasingly sophisticated, cyberattacks will likely
result in more regulations and oversight, as governments and
regulatory authorities seek to bolster protections of consumer and
organizational data.
This is especially an issue for organizations in highly regulated
industries.
05
TODAY’S TOP TECHNOLOGY CHALLENGES
19
BUDGETS AND CONTROLLING COSTS
PRIOR YEAR RANK: #10
HOW DOES THIS IMPACT THE AUDIT PLAN?
IT budgets are rising.
Investments in running IT operations and maintaining technology
through the business consume large portions of IT budgets, often
followed by investments in improvements and innovation, security
and compliance.
06
TODAY’S TOP TECHNOLOGY CHALLENGES
20
CLOUD COMPUTING/VIRTUALIZATION
PRIOR YEAR RANK: #5
HOW DOES THIS IMPACT THE AUDIT PLAN?
Cloud adoption and virtualization will continue to take place in the
coming years.
The widespread adoption of infrastructure as a service, software
as a service and platform as a service will require significant
planning and changes.
07
TODAY’S TOP TECHNOLOGY CHALLENGES
21
BRIDGING IT AND THE BUSINESS
PRIOR YEAR RANK: #6
HOW DOES THIS IMPACT THE AUDIT PLAN?
Technology risk is a significant component of critical enterprise
risks. It is important that internal audit understand the technology-
related risks that present threats to the business model.
Audit should follow these developments closely because of the
potential audit and disclosure implications they may have.
08
TODAY’S TOP TECHNOLOGY CHALLENGES
22
PROJECT MANAGEMENT AND CHANGE
MANAGEMENT
PRIOR YEAR RANK: #7
HOW DOES THIS IMPACT THE AUDIT PLAN?
In organizations today, there is a growing number of critical
initiatives underway as they undergo the types of IT
transformation, cloud, digitization and big data projects.
However, there are significant roadblocks, both technological
(legacy systems and processes) and cultural (change
management problems and skills gaps) in nature.
09
TODAY’S TOP TECHNOLOGY CHALLENGES
23
THIRD-PARTY/VENDOR MANAGEMENT
PRIOR YEAR RANK: NA
HOW DOES THIS IMPACT THE AUDIT PLAN?
Organizations that rely on IT service providers have found that
they must increase the maturity of their vendor management
processes.
Managing infrastructure is changing as operations and services
shift to the cloud.
10
ARE THESE TOP TECHNOLOGY CHALLENGES ADDRESSED IN THE AUDIT PLAN?
24
IT security and privacy/cybersecurity01
Regulatory compliance05
Emerging technology and
infrastructure changes –
transformation, innovation, disruption03
Resource/staffing/skills challenges04
Budgets and controlling costs06
Cloud computing/virtualization07
Third-party/vendor management10
Bridging IT and the business08
Project management and change
management09
Infrastructure management02
QUESTIONS?
25
THANK YOU
26
Visit www.protiviti.com/itauditsurvey to
download the publication.
Gordon Braun, Managing Director
913.661.7406