No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

Protiviti: Cybersecurity Risk Becoming a Mainstay in Annual Audit Plans

by Corporate Compliance Insights
March 3, 2016
in GRC Vendor News
Protiviti: Cybersecurity Risk Becoming a Mainstay in Annual Audit Plans

10th Annual Internal Audit Capabilities and Needs Survey Also Explores Evolution of Internal Auditing Over the Past Decade

MENLO PARK, Calif., March 2, 2016 — According to Arriving at Internal Audit’s Tipping Point Amid Business Transformation, the 2016 Internal Audit Capabilities and Needs Survey report (www.protiviti.com/IAsurvey) released today by global consulting firm Protiviti, organizations are more likely than ever to evaluate cybersecurity risk as part of their annual audit plans. Nearly three out of four organizations (73 percent) now include cybersecurity risk in their internal audits, a 20 percent increase year-over-year. While there is a clear need among most internal audit groups to strengthen their ability to address cybersecurity risk, the survey found that these capabilities are much stronger for top-performing organizations, particularly those in which the Board of Directors has a high level of engagement in information security risks.

“Cyberattack threats are significant and continuously evolving in sophistication,” said Brian Christensen, Executive Vice President, Global Internal Audit, Protiviti. “Our survey found that when it comes to cybersecurity and auditing processes, the highest performing organizations have audit committees and Boards who actively engage with the internal audit function during the discovery and assessment of these risks. It’s still apparent, however, that further work is essential to build out these internal audit capabilities. Companies must take stronger action to set these imperatives into place.”

More than 1,300 internal audit professionals, including more than 150 Chief Audit Executives (CAEs), participated in Protiviti’s 10th annual survey to assess the top priorities for internal audit functions in the coming year.

Cybersecurity Risk Capabilities and Best Practices

During the past decade, the importance of cybersecurity in internal audit functions has evolved from a simple IT risk to a serious strategic business risk, an issue that now must be addressed regularly by executive management and the Board of Directors. In fact, 57 percent of companies surveyed have received inquiries from customers, clients and/or insurance providers about the organization’s state of cybersecurity.

Protiviti’s survey found that there are two critical success factors when establishing and maintaining an effective cybersecurity plan:

  1. A high level of engagement by the Board of Directors in information security risks; and
  2. Including the evaluation of cybersecurity risk in the current audit plan.

Companies with at least one of these success factors in place have a stronger risk posture to combat cyber threats. For example, 92 percent of organizations with a high level of Board engagement in information security risks have a cybersecurity risk strategy in place, compared to 77 percent of other organizations. Similarly, 83 percent of companies that include cybersecurity risk in the annual audit plan have a cybersecurity risk policy, versus 53 percent that do not include cybersecurity risk in their audit plans.

10 Years of Internal Audit

Over the past 10 years, internal audit professionals have assessed their competency in more than 30 areas of audit process knowledge and general technical knowledge in Protiviti’s survey. Areas that continue to surface as top priorities year-over-year include ISO 27000, data analysis technologies, various areas of auditing IT, technology-enabled auditing and fraud risk management.

As for 2016, technology issues dominated the priority list for internal auditors. The top 10 priorities for internal audit are:

  1. ISO 2700 (Information Security)
  2. Mobile Applications
  3. NIST Cybersecurity Framework
  4. GTAG 16 – Data Analysis Technologies
  5. Internet of Things
  6. Agile Risk and Compliance
  7. ISO 14000 (Environmental Management)
  8. Data Analysis Tools – Statistical Analysis
  9. Country-Specific ERM Framework
  10. Big Data/Business Intelligence

“With most of the top priorities identified relating to IT risks, it’s clear that auditing IT has never been more important to internal audit functions and to the state of an organization’s overall risk profile,” added Christensen. “The rapid introduction of new technologies, combined with the growing frequency and magnitude of corporate cybersecurity lapses, is driving internal audit to increase its IT audit capabilities each year. With internal audit now at a tipping point, these top priorities are more important than ever before. If the internal audit function doesn’t keep up with the growth and innovation of companies, it will be left behind. The time to act is now.”

About the Survey and Resources

Protiviti’s 2016 Internal Audit Capabilities and Needs Survey was fielded in December 2015 across the globe and surveyed 1,333 respondents, with the majority from North America. Respondents work in the public, private, government and nonprofit sectors and are representative of virtually all industry sectors.

The survey report, along with an infographic highlighting key results, a podcast and a short video, are all available for complimentary download at www.protiviti.com/IAsurvey.

Webinar on March 24

Key findings from the survey will be discussed in a complimentary webinar on March 24 at 9:00 a.m. PDT. Protiviti’s Christensen, joined by Protiviti Managing Directors David Brand and Nancy Pechloff and guest speaker Kathleen Swain, VP of Internal Audit, Horizon BCBS of New Jersey, will discuss the findings and add their insights during this 90-minute webinar. Please register at http://bit.ly/1QqcybG.

About Protiviti Inc.

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500®companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Named to the 2015 Fortune 100 Best Companies to Work For® list, Protiviti is a wholly owned subsidiary of Robert Half (NYSE:  RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.


Previous Post

How Small Businesses Can Remain Compliant with the DOL’s Proposed Overtime Rule

Next Post

Derailing Internal Reviews, Audits, Assessments and Investigations

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

robot nurturing a good idea

Innovation vs. Compliance: In the Age of AI, Why Not Both?

by Asha Palmer
June 17, 2025

As governments scramble to regulate AI, forward-thinking companies are writing their own compliance playbooks

human robot working as team pie chart

Smart Machines, Smarter Humans: Why Compliance Still Needs a Human Touch

by Roman Eloshvili
June 17, 2025

From the 2008 financial crisis to everyday judgment calls, the case for keeping humans in the compliance loop

data privacy leader concept

Who’s Minding Your Data? The Case for Dedicated Privacy Leadership

by Daniel Barber
June 16, 2025

As state privacy laws multiply and AI introduces new vulnerabilities, the question isn't whether you need dedicated privacy expertise —...

abstract obscured data colorful

NIST’s Differential Privacy Guidelines: 6 Critical Areas for Secure Implementation

by Michelle Drolet
June 16, 2025

Standard de-identification methods remain vulnerable to sophisticated attacks, but differential privacy offers mathematical guarantees that scale with emerging threats

Next Post
internal audits are important, but so are independent investigations

Derailing Internal Reviews, Audits, Assessments and Investigations

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights