MENLO PARK, Calif., March 3, 2015 /PRNewswire/ -- According to
From Cybersecurity to Collaboration:
Assessing the Top Priorities for Internal Audit Functions
(www.protiviti.com/IAsurvey), a new survey report released today by
global consulting firm Protiviti, internal audit professionals are
making strides in meeting cybersecurity and data privacy standards.
Much work remains, with many of the surveyed organizations rating
themselves as less than "very effective" at addressing their
cybersecurity risks. However, the results are significantly better
for organizations in which the board of directors has a high level
of engagement with information security risks, and those that
include cybersecurity in the annual audit plan.
"Across the globe, businesses are continuing to experience
cybersecurity issues, challenges and breakdowns. Our survey shines
a light on the evolving set of challenges faced by internal audit
professionals as they work to incorporate cybersecurity frameworks
into business processes," said Brian
Christensen, executive vice president, global internal audit
and financial advisory, Protiviti. "Those professionals who
continue to engage board members and define cybersecurity measures
within their annual audit plans will be poised to effectively
mitigate future threats."
More than 800 internal audit professionals, including chief
audit executives (CAEs), participated in Protiviti's ninth annual
survey to assess the top priorities for internal audit functions.
Along with a review of cybersecurity management and processes, the
survey assessed general technical knowledge, audit process
knowledge, and personal skills and capabilities.
Driving Cybersecurity Protection
Protiviti's survey shows a clear, positive correlation between a
high level of board engagement in information security (30 percent
of respondents) and an organization's ability to acceptably manage
cybersecurity risk. There is a similar relationship between having
defined cybersecurity measures in the annual audit plan and the
successful management of cybersecurity risk. For example:
- Nearly half of organizations with a high level of board
engagement (47 percent) rate themselves as "very effective" at
identifying cybersecurity risk, compared to just 19 percent of
other organizations.
- Seventy percent of organizations that include cybersecurity in
the audit plan have a cybersecurity risk strategy in place,
compared to 42 percent of other companies.
More than half of this year's respondents (53 percent) note that
cybersecurity evaluation has been included in their current audit
planning. Of those organizations, 60 percent have used the NIST
Cybersecurity Framework to measure and evaluate existing
programs.
Across respondents, many CIOs have also taken particular
interest in collaboration with the audit committee, reporting on
both cybersecurity and IT-related risks (43 percent).
According to survey participants, the top five most significant
cybersecurity risks are:
- Data security (company information)
- Brand/reputational damage
- Regulatory and compliance violations (tie)
- Data leakage (tie)
- Viruses and malware
In its report, Protiviti offers 10 recommended action items that
CAEs and internal audit professionals should consider implementing
as part of their ongoing efforts to help their organizations
strengthen cybersecurity.
Technical Knowledge – Top Five Priorities
Internal audit professionals assessed their competency in 35
areas of technical knowledge, indicating whether their knowledge is
adequate or requires improvement. Based on these findings, the top
areas for technical knowledge improvement include:
- Data Analysis Technologies (GTAG 16)
- NIST Cybersecurity Framework
- Mobile Applications
- Continuous Assurance
- The Guide to the Assessment of IT Risk (GAIT)
Audit Process Knowledge – Top Five Priorities
Respondents also evaluated 35 areas of audit process knowledge
in terms of need for improvement. The top priorities include:
- Auditing IT security
- Computer-assisted audit tools (CAATs)
- Data analysis tools for data manipulation
- Marketing internal audit internally
- Monitoring fraud
As in previous years, the results show that internal auditors
are intent on improving the way they leverage technology to analyze
data and create new efficiencies to free up resources. Results also
indicate an increased desire to adhere to new guidance and
standards in order to advance existing IT audit plans, and more
effectively communicate the importance of these audit practices to
key stakeholders.
Personal Skills and Capabilities
In addition to enhancing skills in new technology and
applications, internal auditors remain committed to increasing
collaboration with other departments and functions in the
organization. CAEs and internal audit professionals seek to improve
and leverage their personal skills such as persuasion, their
relationships with board members, and their internal and external
networks in order to balance multiple priorities and strengthen the
function's strategic contributions to the organization.
About the Survey
Protiviti's survey was fielded between September and
October 2014. A majority of the
survey participants work in publicly traded and privately held
companies and represent virtually all industry sectors. A small
percentage of respondents work for government and non-profit
organizations. The full report, From Cybersecurity to
Collaboration: Assessing the Top Priorities for Internal Audit
Functions, with survey results and analysis is available at
www.protiviti.com/IAsurvey.
Additional Resources Available: Webinar, Video, Podcast and Infographic
Protiviti will conduct a complimentary webinar about the study
on March 24 at 9:00 a.m. PDT. The 90-minute webinar is eligible
for CPE credit* and will feature Christensen and David Brand, a Protiviti managing director and
leader of the firm's IT audit practice, exploring the survey's
results. Please register for the webinar at
www.protiviti.com/webinars. Additionally, a podcast featuring
Christensen and Brand discussing insights from the survey results and
a video are available, along with an infographic, on the
Protiviti website at www.protiviti.com/IAsurvey.
About Protiviti
Protiviti (www.protiviti.com) is a global consulting firm that
helps companies solve problems in finance, technology, operations,
governance, risk and internal audit, and has served more than 40
percent of FORTUNE 1000® and FORTUNE Global
500® companies. Protiviti and its independently owned
Member Firms serve clients through a network of more than 70
locations in over 20 countries. The firm also works with smaller,
growing companies, including those looking to go public, as well as
with government agencies.
Protiviti is a wholly owned subsidiary of Robert
Half (NYSE: RHI). Founded in 1948, Robert
Half is a member of the S&P 500 index.
Protiviti is not licensed or registered as a public
accounting firm and does not issue opinions on financial statements
or offer attestation services.
Editor's note: infographic (in PDF or JPEG) and photo available
upon request.
*Protiviti is registered with the National Association
of State Boards of Accountancy (NASBA) as a sponsor of continuing
professional education on the National Registry of CPE Sponsors.
State boards of accountancy have final authority on the acceptance
of individual courses for CPE credit. Complaints regarding
registered sponsors may be submitted to the National Registry of
CPE Sponsors through its
website: www.learningmarket.org.
SOURCE Protiviti