Audit & Risk

The top 10 priorities for internal auditors

A new survey shows that internal auditors have IT issues on the brain.

in News.

Article Image

There are myriad controls and processes that organisations can include in their annual internal audit plans, but it seems that IT issues are at the top of the list. 

A yearly survey by consultancy Protiviti has found that the majority of the top ten priorities identified by internal auditors relate to information technology risks. 

Companies are trying to balance the security and effectiveness of existing IT systems with the introduction of new technologies, greater digitisation and mobilisation of internal and customer-facing systems. 

Ensuring the efficacy of old and new systems and the rising threat of cyber crime are pushing IT issues up the priority list for internal audit.  

Internal auditors’ top 10 priorities for 2016:

1. ISO 2700 (information security)
2. Mobile applications
3. NIST Cybersecurity Framework
4. GTAG 16 – Data Analysis Technologies
5. Internet of Things
6. Agile Risk and Compliance
7. ISO 14000 (environmental management)
8. Data Analysis Tools – Statistical Analysis
9. Country-Specific ERM Framework
10. Big Data/Business Intelligence

The survey also found that organisations are more likely than ever to evaluate cyber security risk as part of their annual audit plans. Nearly three out of four organisations (73 per cent) now include cyber security risk in their internal audits, a 20 per cent year-on-year increase. 

An organisation’s ability to defend itself from hacks has never been more important, regardless of sector, with the scale of the threat laid bare by recent high-profile data breaches at TalkTalk and JD Wetherspoon.

Protiviti found that 57 percent of companies surveyed have received enquiries from customers, clients or insurance providers about the organisation’s state of cyber security.

Furthermore, its findings show that board engagement and the inclusion of cyber security in the current current audit plan result in businesses being better prepared for cyber attacks. 

For example, 92 per cent of organisations with a high level of board engagement in information security risks have a cyber security risk strategy in place, compared to 77 per cent of other organisations. Similarly, 83 per cent of companies that include cyber security risk in the annual audit plan have a cyber security risk policy, versus 53 per cent that do not include this risk in their audit plans.

Download the full survey here

The IIA: find out more

Visit the main IIA site


Careers advice

Chartered by Experience

There is a new route to becoming a chartered internal auditor: Chartered by Experience.

Room to grow

If you feel stuck in your role or sector, yet are keen to progress in an internal auditing career, what are your options? You could become a non-executive director or contribute your experience to higher education, suggests Ann Brook CFIIA.

Time to volunteer

Rachel Bowden, chair of the IIA’s Guidance Working Group, explains why she started volunteering and what she has gained from the experience.

Training & Development

PwC launches cyber-breach simulation game for executives

Big four consultancy PwC has launched "Game of Threats" – an interactive game to teach senior executives the risks of cyber-attacks and encourage them to test how they would respond in real time.

CPD: work in progress

Staying up to date is essential if you want to have a successful career in internal audit – and the IIA’s CPD competency framework is designed to help.


Mindset & influence: the personal audit

Your mindset is the biggest tool for your job as it is the key to influencing those around you. Honing these soft skills is just as important as developing your technical expertise, writes Diane Ingham-Cook, a consultant at Effective Training.

Root Cause Analysis: a powerful tool for internal audit

Often internal audit will flag up the same issues time and again without getting to the crux, or root cause, of the issue. This is why Root Cause Analysis (RCA) is essential to improving audits, writes James Paterson, the founder of Risk & Assurance Insights.

Mapping the road to assurance

Assurance maps are a vital tool that guide internal audits and give audit committees peace of mind. Sandie Dawson, director at Dawson Corporate Advisory, offers insight into effective assurance mapping.