No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

Protiviti and ISACA: IT Audit Benchmarking Survey

by Corporate Compliance Insights
April 5, 2018
in GRC Vendor News
Protiviti and ISACA: IT Audit Benchmarking Survey

Findings reveal cybersecurity, IT governance and emerging technology are shaping IT audit plans in 2018; technological changes give rise to new risks; drive demand for more advanced auditing technology, skills, knowledge and resources 

Menlo Park, CA (April 5, 2018) – IT security and privacy, IT governance and risk management, regulatory compliance, emerging technology and cloud computing are the key issues impacting IT audit plans in 2018, according to a just-released benchmarking study from global consulting firm Protiviti and ISACA, a global association helping individuals and enterprises in the IT audit/assurance, governance, risk and information security space.

The seventh annual survey of more than 1,300 chief audit executives (CAE), internal audit professionals and IT audit vice presidents and directors worldwide found that most audit plans for 2018 are impacted by the challenge of cybersecurity. Yet more progress is still needed, as one in five organizations, on average, is not including cybersecurity in its audit plans. The most commonly cited reason is a lack of qualified resources, specifically people, skills and/or auditing tools. Such shortcomings need to be addressed with urgency.

“Organizations are putting themselves at risk by not planning for and addressing existing and evolving cybersecurity threats within their audit plans,” said Andrew Struthers-Kennedy, a Protiviti managing director and global leader of the firm’s IT Audit practice. “Planning for cybersecurity not only helps with risk management, but also helps address gaps that can come from digitalization. As more businesses accelerate the pace of technology transformation and increase their reliance on third-party vendors as part of their digital transformation efforts, the number and severity of cybersecurity risks is increasing.”

“Given the increased focus on digital transformation within organizations, it’s important for IT auditors to be involved throughout the entire technology project lifecycle to ensure policies and processes are put in place to mitigate risk,” said Theresa Grafenstine, chair of ISACA’s board of directors. “IT audit leaders looking to become more engaged within their organization’s major technology projects have to build credibility with executive management teams by demonstrating the value that the IT audit function provides.”

Top Technology Challenges

Asked to identify their top technology challenges, IT audit leaders and professionals cited IT security and privacy as their top priority. The top ten responses are:

  1. IT security and privacy/cybersecurity
  2. Infrastructure management
  3. Emerging technology and infrastructure changes –transformation, innovation, disruption
  4. Resource/staffing/skills challenges
  5. Regulatory compliance
  6. Budgets and controlling costs
  7. Cloud computing/virtualization
  8. Third-party/vendor management
  9. Project management and change management
  10. Data management and governance

The above listed areas portray an interrelated dynamic – emerging technologies and digital transformation place greater pressure on existing IT infrastructure and cause companies to explore alternative delivery models (e.g. through third-party arrangements), while giving rise to new cybersecurity and privacy risks – all of which require an evolution in the skill set of IT auditors.

The upcoming enactment of the EU’s General Data Protection Regulation (GDPR), which establishes new compliance requirements for information security and data privacy, further highlights the importance of effective data management and protection of organizational data.

“With regulators beginning to look more closely at the security and management of organizational data, we encourage IT audit teams to be aware of all data that an organization processes, where it resides and how it’s being protected,” added Struthers-Kennedy. “While the increase in data capture and processing activities offers opportunities for enhanced business insight and competitive advantage, it also adds significant risk and therefore data protection needs to be prioritized.”

IT Audit’s Growing Importance

It’s clear that IT audit teams are of growing importance in organizations. This survey is the first one since the survey began that finds at least half of all organizations polled have a dedicated IT audit director (or equivalent position). This is a significant increase from just five years ago when only one in three organizations had a dedicated IT audit director.

Still, there is room to grow in how the IT audit function is viewed by business partners and board members within an organization. Overall, less than half of respondents indicate that their CAE or IT audit director meets regularly with their company’s CIO to help develop the IT audit plan. Regular meetings with business leaders can help not only with timely risk identification but also to convey the value audit teams deliver.

About the Survey Report and Resources Available

The 2018 IT Audit Benchmarking Survey consisted of a series of questions in six categories: Emerging Technology and Business Challenges; IT Implementation/Project Involvement; IT Audit in Relation to the Overall Audit Department; Risk Assessment; Audit Plan; Cybersecurity and Skills, Capabilities and Hiring. The full survey report, along with an infographic and a short video, is available for complimentary download from ISACA here and from Protiviti here.

Protiviti and ISACA will host a complimentary one-hour webinar titled, “Today’s Top Technology and the Relationship to the Audit Plan” on May 22 at 9:00 a.m. PDT. Protiviti’s Struthers-Kennedy will be joined by ISACA’s Robin Lyons, technical research manager, for a discussion of the key trends emerging from the survey results. Please register here.

About Protiviti 


Protiviti (www.protiviti.com) is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Through its network of more than 70 offices in over 20 countries, Protiviti and its independently owned Member Firms provide clients with consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit.

Named to the 2018 Fortune 100 Best Companies to Work For® list, Protiviti has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

About ISACA

ISACA® (isaca.org) helps professionals around the globe realize the positive potential of technology in an evolving digital world. By offering industry-leading knowledge, standards, credentialing and education, ISACA enables professionals to apply technology in ways that instill confidence, address threats, drive innovation and create positive momentum for their organizations. Established in 1969, ISACA is a global association with more than 140,000 members and certification holders in 187 countries. ISACA is the creator of the COBIT framework, which helps organizations effectively govern and manage their information and technology. Through its Cybersecurity Nexus (CSX), ISACA helps organizations develop skilled cyber workforces and enables individuals to grow and advance their cyber careers.


Previous Post

An Evolving Workforce Poses New HR Compliance Challenges

Next Post

New SEC Guidance Prioritizes Cybersecurity Disclosures for Public Companies

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

Kovr 2F Partnership

Kovr.ai Partners With Second Front Systems for Government Software Accreditation

by Corporate Compliance Insights
May 22, 2025

Kovr.ai and Second Front Systems have partnered to automate software accreditation processes for government agencies through a combined platform that...

SolidusLabs Launch

Solidus Labs Launches AI Agent for Trade Surveillance

by Corporate Compliance Insights
May 22, 2025

Solidus Labs has launched an agentic AI system for trade surveillance workflows at financial institutions. The New York-based firm's platform,...

TrustCloud Funding

TrustCloud Raises $15M

by Corporate Compliance Insights
May 22, 2025

Security assurance platform TrustCloud has raised $15 million in strategic funding led by ServiceNow Ventures. Cisco Investments, Presidio Ventures, OpenView...

Diligent Vault M&A

Diligent Acquires AI E&C Provider Vault

by Corporate Compliance Insights
May 22, 2025

GRC software provider Diligent has acquired Vault, an AI-powered ethics and compliance platform, to integrate speak-up technology and investigation tools...

Next Post
biometric screening of a thumbprint

New SEC Guidance Prioritizes Cybersecurity Disclosures for Public Companies

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights