No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
    • Upcoming
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

Cybersecurity Awareness Top of Mind for Internal Auditors, Protiviti Survey Finds

by Corporate Compliance Insights
March 5, 2015
in Cybersecurity

Board engagement and the audit plan are keys to addressing cyber riskseffectively

MENLO PARK, Calif., March 3, 2015 — According to From Cybersecurity to Collaboration: Assessing the Top Priorities for Internal Audit Functions (www.protiviti.com/IAsurvey), a new survey report released today by global consulting firm Protiviti, internal audit professionals are making strides in meeting cybersecurity and data privacy standards. Much work remains, with many of the surveyed organizations rating themselves as less than “very effective” at addressing their cybersecurity risks. However, the results are significantly better for organizations in which the board of directors has a high level of engagement with information security risks, and those that include cybersecurity in the annual audit plan.

“Across the globe, businesses are continuing to experience cybersecurity issues, challenges and breakdowns. Our survey shines a light on the evolving set of challenges faced by internal audit professionals as they work to incorporate cybersecurity frameworks into business processes,” said Brian Christensen, executive vice president, global internal audit and financial advisory, Protiviti. “Those professionals who continue to engage board members and define cybersecurity measures within their annual audit plans will be poised to effectively mitigate future threats.”

More than 800 internal audit professionals, including chief audit executives (CAEs), participated in Protiviti’s ninth annual survey to assess the top priorities for internal audit functions. Along with a review of cybersecurity management and processes, the survey assessed general technical knowledge, audit process knowledge, and personal skills and capabilities.

Driving Cybersecurity Protection

Protiviti’s survey shows a clear, positive correlation between a high level of board engagement in information security (30 percent of respondents) and an organization’s ability to acceptably manage cybersecurity risk. There is a similar relationship between having defined cybersecurity measures in the annual audit plan and the successful management of cybersecurity risk. For example:

  • Nearly half of organizations with a high level of board engagement (47 percent) rate themselves as “very effective” at identifying cybersecurity risk, compared to just 19 percent of other organizations.
  • Seventy percent of organizations that include cybersecurity in the audit plan have a cybersecurity risk strategy in place, compared to 42 percent of other companies.

More than half of this year’s respondents (53 percent) note that cybersecurity evaluation has been included in their current audit planning. Of those organizations, 60 percent have used the NIST Cybersecurity Framework to measure and evaluate existing programs.

Across respondents, many CIOs have also taken particular interest in collaboration with the audit committee, reporting on both cybersecurity and IT related risks (43 percent).

According to survey participants, the top five most significant cybersecurity risks are:

  • Data security (company information)
  • Brand/reputational damage
  • Regulatory and compliance violations (tie)
  • Data leakage (tie)
  • Viruses and malware

In its report, Protiviti offers 10 recommended action items that CAEs and internal audit professionals should consider implementing as part of their ongoing efforts to help their organizations strengthen cybersecurity.

Technical Knowledge – Top Five Priorities

Internal audit professionals assessed their competency in 35 areas of technical knowledge, indicating whether their knowledge is adequate or requires improvement. Based on these findings, the top areas for technical knowledge improvement include:

  1. Data Analysis Technologies (GTAG 16)
  2. NIST Cybersecurity Framework
  3. Mobile Applications
  4. Continuous Assurance
  5. The Guide to the Assessment of IT Risk (GAIT)

Audit Process Knowledge – Top Five Priorities

Respondents also evaluated 35 areas of audit process knowledge in terms of improvement. These top priorities include:

  1. Auditing IT security
  2. Computer-assisted audit tools (CAATs)
  3. Data analysis tools for data manipulation
  4. Marketing internal audit internally
  5. Monitoring fraud

As in previous years, the results show that internal auditors are intent on improving the way they leverage technology to analyze data and create new efficiencies to free up resources. Results also indicate an increased desire to adhere to new guidance and standards in order to advance existing IT audit plans, and more effectively communicate the importance of these audit practices to key stakeholders.

Personal Skills and Capabilities

In addition to enhancing skills in new technology and applications, internal auditors remain committed to increasing collaboration with other departments and functions in the organization. CAEs and internal audit professionals seek to improve and leverage their personal skills such as persuasion, their relationships with board members, and their internal and external networks in order to balance multiple priorities and strengthen the function’s strategic contributions to the organization.

About the Survey

Protiviti’s survey was fielded between September and October 2014. A majority of the survey participants work in publicly traded and privately held companies and represent virtually all industry sectors. A small percentage of respondents work for government and non-profit organizations. The full report, From Cybersecurity to Collaboration: Assessing the Top Priorities for Internal Audit Functions, with survey results and analysis is available at www.protiviti.com/IAsurvey.

Additional Resources Available: Webinar, Video, Podcast and Infographic
Protiviti will conduct a complimentary webinar about the study on March 24 at 9:00 a.m. PDT. The 90-minute webinar is eligible for CPE credit* and will feature Christensen and David Brand, a Protiviti managing director and leader of the firm’s IT audit practice, exploring the survey’s results. Please register for the webinar at www.protiviti.com/webinars.Additionally, both a podcast featuring Christensen and Brand discussing insights of the survey results and a video are also available, along with an infographic, on the Protiviti website at www.protiviti.com/IAsurvey.

About Protiviti

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 40 percent of FORTUNE 1000® and FORTUNE Global 500®companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

 


Previous Post

Farewell to Mr. Spock and Risk Assessment Under COSO

Next Post

Executive Summary: LRN’s 2015 Risk Forecast Report

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

klarna app germany

UK Looks to Set New Global Standard With BNPL Regulation

by John Byrne
July 17, 2025

With their reliance on late fees, buy-now-pay-later services seem designed to take advantage of consumers

bull statue on wall street

Is Recency Bias Undermining Your Fiduciary Duty?

by Steven Abernathy
July 17, 2025

Plan sponsors have a responsibility to keep participants informed about risks of investing & the potential impact of changing market...

get out of jail free card

Rare Declinations by DOJ’s National Security Division Demonstrate Potential Benefits of Voluntary Disclosure — but Could Obscure the Risks

by Justin Weitz, Loyaan Egal, Katelyn Hilferty and Moshe Klein
July 16, 2025

In a recent speech, Matthew R. Galeotti, the head of the DOJ’s Criminal Division, discussed changes in how the DOJ...

robot waiting for job interview

If AI Can Easily Game Hiring Processes, Maybe It’s Time to Rethink What You’re Looking For

by Vera Cherepanova
July 15, 2025

Using AI to prepare for an interview is OK, but what about using it to perform?

Next Post
Executive Summary: LRN’s 2015 Risk Forecast Report

Executive Summary: LRN's 2015 Risk Forecast Report

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
    • Upcoming
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights