Audit & Risk

The top 10 priorities for internal auditors

A new survey shows that internal auditors have IT issues on the brain.

in News.

Article Image

There are myriad controls and processes that organisations can include in their annual internal audit plans, but it seems that IT issues are at the top of the list. 

A yearly survey by consultancy Protiviti has found that the majority of the top ten priorities identified by internal auditors relate to information technology risks. 

Companies are trying to balance the security and effectiveness of existing IT systems with the introduction of new technologies, greater digitisation and mobilisation of internal and customer-facing systems. 

Ensuring the efficacy of old and new systems and the rising threat of cyber crime are pushing IT issues up the priority list for internal audit.  

Internal auditors’ top 10 priorities for 2016:

1. ISO 2700 (information security)
2. Mobile applications
3. NIST Cybersecurity Framework
4. GTAG 16 – Data Analysis Technologies
5. Internet of Things
6. Agile Risk and Compliance
7. ISO 14000 (environmental management)
8. Data Analysis Tools – Statistical Analysis
9. Country-Specific ERM Framework
10. Big Data/Business Intelligence

The survey also found that organisations are more likely than ever to evaluate cyber security risk as part of their annual audit plans. Nearly three out of four organisations (73 per cent) now include cyber security risk in their internal audits, a 20 per cent year-on-year increase. 

An organisation’s ability to defend itself from hacks has never been more important, regardless of sector, with the scale of the threat laid bare by recent high-profile data breaches at TalkTalk and JD Wetherspoon.

Protiviti found that 57 percent of companies surveyed have received enquiries from customers, clients or insurance providers about the organisation’s state of cyber security.

Furthermore, its findings show that board engagement and the inclusion of cyber security in the current current audit plan result in businesses being better prepared for cyber attacks. 

For example, 92 per cent of organisations with a high level of board engagement in information security risks have a cyber security risk strategy in place, compared to 77 per cent of other organisations. Similarly, 83 per cent of companies that include cyber security risk in the annual audit plan have a cyber security risk policy, versus 53 per cent that do not include this risk in their audit plans.

Download the full survey here


The IIA: find out more

Visit the main IIA site

Jobs

Auditor

Post Number: FSA02
Grade: 7- SO2 Salary: £23,166 - £29,854
Hours: 37 per week

Audit Manager

£38,789 - £42,474 pa
37 hpw, permanent.

Senior Internal Auditor

Sector: Not For Profit
Salary: £41,000 (raising to £46,000 after probation)
Location: London
Job Ref: SD/148943

Careers advice

Destination designation

The Chartered IIA is keen to work with organisations that want to ensure all their internal auditors have the right skills to succeed in today’s industry. One of these is Citigroup, which recently launched a training scheme accredited by the institute and put 20 senior internal auditors through the Chartered by Experience route to achieve CMIIA. So what does this look like in practice?
Words: Ruth Prickett

Gold standard – the value of recognition

Being chartered demonstrates your skills and competence and gives you influence within both your organisation and the wider profession. All dedicated internal auditors should aspire to it, writes Ian Peters, chief executive of the IIA.

Chartered by Experience

There is a new route to becoming a chartered internal auditor: Chartered by Experience.

Training & Development

CPE: Solid foundations

Continuing professional education is an important tool for developing your skills, progressing through your career and ensuring that the qualification and the profession are respected. The Chartered IIA’s CPE requirements will be changing in April to bring them into line with those of IIA Global. So what do you need to know to stay ahead?
Words: Ruth Prickett

Destination designation

The Chartered IIA is keen to work with organisations that want to ensure all their internal auditors have the right skills to succeed in today’s industry. One of these is Citigroup, which recently launched a training scheme accredited by the institute and put 20 senior internal auditors through the Chartered by Experience route to achieve CMIIA. So what does this look like in practice?
Words: Ruth Prickett

Gold standard – the value of recognition

Being chartered demonstrates your skills and competence and gives you influence within both your organisation and the wider profession. All dedicated internal auditors should aspire to it, writes Ian Peters, chief executive of the IIA.

Tools

You asked us

Our technical helpline provides valuable advice to members on a host of professional issues. Here are some of the questions you’ve recently asked.

Early warning systems

New regulatory demands for whistleblowing – or “speak up” – policies are raising the bar on best practice. Internal auditors need to take note.
Words: Alexander Glebovskiy

CPE: Solid foundations

Continuing professional education is an important tool for developing your skills, progressing through your career and ensuring that the qualification and the profession are respected. The Chartered IIA’s CPE requirements will be changing in April to bring them into line with those of IIA Global. So what do you need to know to stay ahead?
Words: Ruth Prickett