Cybersecurity, privacy and technologies still top challenges for IT audit teams and leaders

Cybersecurity, privacy and technologies—from mission-critical to digitally transformative—top the list of challenges IT audit teams and leaders grapple with every day, according to a study conducted by ISACA and Protiviti.

IT audit challenges

An executive summary of the study notes the growing role and responsibilities of IT audit in digital transformation, partnerships between the IT organization and IT audit function, and differences in how IT audit leaders operate compared to other IT audit professionals.

The 2019 IT Audit Benchmarking Study, which will be released in full later this year, found that the biggest challenges for IT auditors were:

  • IT security and privacy/cybersecurity
  • Data management and governance
  • Emerging technology and infrastructure changes—transformation, innovation, disruption
  • Resource/staffing/skills challenges
  • Third-party/vendor management

More respondents this year said their organizations are interested in using advanced technologies, including robotic process automation, artificial intelligence (AI), machine learning and deep learning, as well as continuous auditing and monitoring, to drive greater revenue, profitability and shareholder value, and increased productivity and cost efficiencies.

These findings align with other recent research from both ISACA and Protiviti on digital transformation. For example, ISACA’s Digital Transformation Barometer Research found that respondents saw big data and AI/machine learning/cognitive technology as the top emerging technologies that were most likely to deliver the greatest value to their organizations.

“More organizations are more rapidly embracing emerging technologies as part of their digital transformations. IT auditors play pivotal and key partnership roles in those journeys, mitigating risk and accelerating expected business benefits,” said Rob Clyde, ISACA board chair.

Though there is interest in new technology implementation, many organizations face difficulties in finding professionals with the right knowledge and skills, or in training current staff in new skills. According to the survey, the skills that organizations most seek in new hires are related to advanced and enabling technologies, critical thinking and data science.

This echoes findings from ISACA’s Future of IT Audit study, in which many of the surveyed auditors indicated that a technical skills gap has an impact on performing IT audits with a high degree of confidence.

Partnerships essential to IT audit success

Additionally, the 2019 IT Audit Benchmarking Study compares responses between those IT audit organizations identified as leaders—defined as those IT audit groups that have a strong partnership with their company’s IT function—and those IT audit organizations that do not have these strong partnerships. This comparison provides insights into how each group sees their own role, as well as their views of collaboration or processes within their own group.

For example, one survey question explored whether there was a formal process to determine whether to continue or postpone a strategic technology project if new risks are identified while the implementation process is underway. Fifty-nine percent of leaders indicated this process does exist, compared to 48 percent of non-leaders.

“The data from this report can help IT audit teams better understand the dynamic between different roles, as well as where there may be gaps they need to bridge in order to collaborate most effectively,” said Andrew Struthers-Kennedy, managing director and leader, IT Audit practice, Protiviti.

“By better understanding each group’s perspective and addressing any discrepancies, they can improve the quality of their partnership and outcomes.”

ISACA’s technical research manager Robin Lyons echoed the importance and wide scope of partnerships essential to IT audit success. “Just as operational effectiveness is continually assessed, IT auditors must establish and evolve ongoing partnerships across the organization, with IT and business teams and leadership. These dynamics are more important than ever, given the pace of change, opportunities and competition,” she said.