Security Market Segment LS
Wednesday, 16 December 2020 10:49

Security, privacy, cloud and technology resilience top of mind for IT audit sector Featured


Concerns around security, privacy, cloud and technology resilience in the IT audit industry are being further fueled by shifting business priorities, the pandemic-induced remote work environment and accelerated deployment of new technologies entering into 2021, according to a new global survey.

The survey from global consulting firm Protiviti and the ICT professional association ISACA, titled IT Audit Perspectives: Top Technology Risks in 2021,” reports that IT audit groups – particularly those in more digitally mature organisations – are utilising more dynamic and real-time approaches to technology risk assessment, which “enables them to be more agile and responsive to the rapidly evolving risk landscape, driven in no small part by pandemic-related challenges”.

The technology and audit benchmarking survey identified the top concerns that over 7,400 IT audit leaders and professionals from organisations around the world are facing and planning to address in 2021.

The findings also reveal that ‘digital leaders’ – those “self-characterised as having innovative and disruptive qualities, including a proven track record of delivering on digital and innovation initiatives and effective adoption of emerging technologies” – weigh risks differently from companies with lower levels of digital transformation maturity and those who are in the earlier stages of defining and delivering on their digital and innovation agenda.

The survey report notes that digital leaders stand out in their frequency of performing technology audit risk assessments - driven by more agile ways of working as well as more integration and use of data and technology.

“However, the majority (67%) of organisations do not classify themselves as digital leaders, and 11% of those non-leaders are not conducting any form of technology risk assessment,” the report notes.

The report lists top 10 IT Audit Risks for 2021, with the survey respondents asked to rate the significance of 39 technology risk issues. The top 10 10 IT audit risks identified were:

  • Cyber Breach
  • Confidentiality and Privacy
  • Regulatory Compliance
  • User Access
  • Security Incident Management
  • Disaster Recovery
  • Data Governance
  • Third-Party Risk
  • Remote Workplace Infrastructure
  • Availability Risk

The report notes that for the most part, the top 10 technology risks for digital leaders and other companies were the same, but risk indexes trended higher for digital leaders.

“This is likely a result of several factors, including the generally more complex technology environments of such organisations, as well as their more extensive use of advanced technologies (such as intelligent automation, IoT, artificial intelligence and machine learning), and the general levels of data and technology employed by digital leaders to support their enhanced customer engagement, operational performance and digitisation of products and services.

“One notable difference between digital leaders and other organisations was that cloud strategy and adoption was a top 10 risk for digital leaders but not for others, because digital leaders were more likely to include cloud technologies in their delivery of business services and in their longer-term planning and strategy,” the report notes.

“Companies need visibility to effectively identify and evaluate risks. The sudden shift to remote work, as well as the broader disruption experienced by many, has revealed the importance of identifying and assessing technology risks on a more dynamic and frequent basis to develop closer-to-real-time views and responses,” said Andrew Struthers-Kennedy, a managing director with Protiviti and leader of the IT Audit practice.

“We’re seeing significant demand from companies that need help integrating more dynamic and data-driven approaches to risk assessments into their internal audit activities. Internal audit functions that are able to achieve this will be much better positioned to deliver highly efficient and effective risk assurance.”

The survey also found that most organisations (61%) are now identifying and assessing technology risks for the purpose of audit planning as part of the overall internal audit risk assessment process, and notes, however, that leaves a somewhat worrying 39% of organisations that are not specifically assessing technology risks in the development of audit plans.

Despite the geographical spread of the survey respondents and number of industries included, the ranking of technology risks was generally consistent, the report says.

IT audit professionals from North America, Africa, Asia, Europe, the Middle East and Oceania all ranked cyber breaches as their top concern, with almost 80% globally noting that they plan to address the risk in their 2021 audit plans.

Cyber breaches were also consistently a primary concern across industry sectors, including consumer packaged goods and retail; energy and utilities; financial services; healthcare; manufacturing and distribution; and technology, media and telecommunications.

“Responses from this study show that missteps in risk management are amplified for organisations that have not yet mastered timely responses to business disruption,” said Robin Lyons, ISACA IT Audit Professional Practices Lead.

“Audit functions that have a strategy that keeps pace with longer-term risks and high-velocity risks will demonstrate their value as they continue to provide assurance regardless of any disruption.”

The report is based on a survey, fielded in September-October of 2020, of 7,470 executives and professionals, including Chief Audit Executives and IT audit vice presidents and directors, representing a wide range of industries globally.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Peter Dinham

Peter Dinham - an iTWire treasure is a mentor and coach who volunteers also a writer and much valued founding partner of iTWire. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News