Audit & Risk

The top 10 priorities for internal auditors

A new survey shows that internal auditors have IT issues on the brain.

There are myriad controls and processes that organisations can include in their annual internal audit plans, but it seems that IT issues are at the top of the list. 

A yearly survey by consultancy Protiviti has found that the majority of the top ten priorities identified by internal auditors relate to information technology risks. 

Companies are trying to balance the security and effectiveness of existing IT systems with the introduction of new technologies, greater digitisation and mobilisation of internal and customer-facing systems. 

Ensuring the efficacy of old and new systems and the rising threat of cyber crime are pushing IT issues up the priority list for internal audit.  

Internal auditors’ top 10 priorities for 2016:

1. ISO 27000 (information security)
2. Mobile applications
3. NIST Cybersecurity Framework
4. GTAG 16 – Data Analysis Technologies
5. Internet of Things
6. Agile Risk and Compliance
7. ISO 14000 (environmental management)
8. Data Analysis Tools – Statistical Analysis
9. Country-Specific ERM Framework
10. Big Data/Business Intelligence

The survey also found that organisations are more likely than ever to evaluate cyber security risk as part of their annual audit plans. Nearly three out of four organisations (73 per cent) now include cyber security risk in their internal audits, a 20 per cent year-on-year increase. 

An organisation’s ability to defend itself from hacks has never been more important, regardless of sector, with the scale of the threat laid bare by recent high-profile data breaches at TalkTalk and JD Wetherspoon.

Protiviti found that 57 per cent of companies surveyed have received enquiries from customers, clients or insurance providers about the organisation’s state of cyber security.

Furthermore, its findings show that board engagement and the inclusion of cyber security in the current audit plan result in businesses being better prepared for cyber attacks.

For example, 92 per cent of organisations with a high level of board engagement in information security risks have a cyber security risk strategy in place, compared to 77 per cent of other organisations. Similarly, 83 per cent of companies that include cyber security risk in the annual audit plan have a cyber security risk policy, versus 53 per cent that do not include this risk in their audit plans.
