No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Internal Audit

Why 2019 Could Be a Challenging Year for Internal Audit

External Threats Loom Large

by Malcolm Murray
November 13, 2018
in Internal Audit
illustration of businessman jumping hurdles

With 2019 planning on the horizon, audit teams are beginning to consider external factors that threaten to disrupt the success of their organization’s key objectives. Gartner’s Malcolm Murray, Rafael Go and Leslee McKnight analyze 11 key risks, connected by four major risk themes, that can help audit teams more effectively identify risks to their organization and their impact on the audit function and their stakeholders.

with co-authors Rafael Go and Leslee McKnight

Ongoing favorable macroeconomic conditions have enabled organizations to continue pursuing growth strategies, adopting technologies such as RPA and cloud, engaging in extended M&A activities and expanding into foreign markets. To provide effective assurance over all these new initiatives, risks that are more strategic and technical in nature are increasingly being included on audit’s radar, expanding its breadth of risk coverage.

Each year, Gartner creates our annual Audit Plan Hot Spots report by combining input from interviews and surveys with over 200 chief audit executives (CAEs) from across our global network of client organizations, as well as extensive secondary literature reviews. This year, we discovered four key trends underlying the risks expressed by CAEs as being critical to guide their audit planning for 2019.

Theme 1: The Strategic Importance of Data

A growing number of organizations are using data as the basis for their business strategy and to improve customer experience. Data is also critical to the implementation of transformative technologies like robotic process automation (RPA) and artificial intelligence (AI). While harnessing data can be a source of competitive advanhttp://tag/robotic-process-automation/tage, with big data comes big risks in terms of data quality, protection and responsible use. The following risks form a large component of the following hot spots this year:

Data Governance

Most organizational data is riddled with errors, so business decisions are often made using low-quality data. To reduce misguided decision-making and increase data-use efficiencies across the organization, data governance is paramount, yet most organizations lack data governance frameworks or are facing implementation challenges that severely hamper their ability to unlock the big data’s potential.

Data Privacy

With the increase in new regulations and public scrutiny of organizations’ mishandling of data, data privacy is a top concern for organizations across the board. Security threats continue to grow —evidenced by the rise in data breaches — exposing organizations to regulatory fines and sanctions, as well as a potential loss of customers due to a lack of trust in organizations’ data protection capabilities.

Ethics and Integrity

As organizations race to implement new technologies, consideration of bias and ethics in digital initiatives often takes a back seat. However, regulators and consumers alike are starting to demand more accountability for ethics and integrity from organizations, forcing them to rethink whether and how they should be leveraging digital capabilities.

Audit can help the organization tackle data-related risks by participating in relevant working committees to provide input as governance frameworks are being built and conducting assurance projects around data usage, access, classification and training.

Theme 2:  IT Vulnerabilities

The growing complexity of organizations’ technology infrastructures and increased use of new technologies — such as chatbots and the internet of things (IoT) — expand access points into the organization. Many of these technologies go unmonitored or are slow to be patched. The growing use by threat actors of advanced tools such as AI increases potential attack points and the frequency of attacks. Reliance on IT systems also makes them more susceptible to outages and downtime, which most organizations experienced at least once in the last year. Such outages can cripple productivity, reduce revenue and damage the organization’s brand. To protect the advantages that technology offers, organizations must overcome the following hot spot risk areas:

Cybersecurity Preparedness

Cyberattacks are a reality for almost all organizations and result in significant financial loss, reputational damage and potential compliance issues. As threat actors continue to multiply and new technologies broaden the organization’s attack surface, cybersecurity preparedness is critical.

Cloud Computing

Seeking cost savings and efficiencies, more organizations are moving significant amounts of data and processes to the cloud, including sensitive and highly valuable information. With limited visibility into cloud providers’ activities and a multitude of cloud applications being used throughout the organization, cloud computing poses significant risks, such as data loss, outages and inappropriate data access.

There are several activities audit departments can perform to provide assurance over IT vulnerabilities, including assessing encryption, patch and vendor management and checking IT controls such as policies on privileged user accounts and cloud application security configurations.

Theme 3: Cost and Growth Pressures

Organizations face growing challenges to their business models from disruptive competitors. Consequently, organizations are rapidly undertaking more digital transformation projects, expanding into new sectors and markets and redesigning business strategies to keep pace. However, in seeking cost efficiencies and adopting new growth strategies, organizations need to be wary of weakening the control environment or deprioritizing governance and oversight. In addition, organizations must ensure that they have the workforce needed to meet their changing business objectives and strategies. Dependence on these new business strategies can manifest in the following risks:

Third Parties

As organizations look to maintain competitiveness and relevance in the digital marketplace, they are expanding their reliance on third parties. The interconnectedness of these relationships — as more businesses pursue ecosystem business models and third parties increase their own reliance on partners — amplifies operational and regulatory risk exposure.

Digital Business Transformation

Organizations are undergoing significant digital business transformation. These large undertakings are often executed rapidly, creating significant risk. These risks include reduced governance and oversight, as well as unintended consequences of increased fraud and potential resource waste.

Strategic Workforce Planning

Quick adoption of emerging technologies and automation creates uncertainty in determining the talent needs for achieving business objectives. Similarly, the broader use of data analytics and growing cybersecurity threats increase the demand for more technical talent, which can be hard to find and recruit. Combined, these factors make long-term strategic workforce planning exceedingly difficult.

For these risks, audit should conduct assurance projects focused on vendor and supplier contracts, improve governance of digital and automation projects, perform skills assessments and align the frequency and extent of updates to strategic assumptions.

Theme 4: Shortened Planning Horizons

Uncertainty and volatility have been prevailing features of 2018 and are likely to also be for 2019. The number of disruptions threatening business operations continues to grow, while many important policy questions remain unresolved.

Instability around the globe could precipitate economic decline and increase regulatory fragmentation. Growing scrutiny from both regulators and the public have forced organizations to consider accountability for their actions and rethink certain practices. All of these factors can make it harder for organizations to anticipate what needs to be included in scenario planning exercises, as well as to develop long-term strategies in a seemingly unpredictable environment. From this, the following risks emerge:

Regulatory Uncertainty

The volume and complexity of regulations organizations must comply with are mounting. More regulatory scrutiny in established areas, combined with regulatory uncertainty in new areas, like the digital economy, make it difficult for organizations to form long-term strategies and meet compliance requirements.

Operational Resilience

The number and scale of both internal and external factors that can disrupt business operations are ever increasing, yet many organizations are ill prepared to maintain critical business operations in the event of a disruption. Changing economic conditions and limited risk awareness can challenge operational resilience, eroding business value and competitiveness as organizations are unable to adapt and respond to changing conditions.

Trade and Tariffs

The global trade system faces the highest level of uncertainty in decades, and imposed and impending tariffs threaten organizations, supply chains and growth strategies. While the current volatility in the geopolitical environment raises uncertainty surrounding trade and tariffs, many organizations have already started feeling the consequences of trade restrictions.

Audit can help the organization mitigate these risks by reviewing the frequency of and inclusions in scenario planning, assessing the organization’s risk awareness and tolerance and evaluating the organization’s mechanisms for monitoring change in the regulatory and economic environment.

Internal Audit’s Challenge

Across 2019, it will be critical for organizations to manage these 11 risks. To do so, audit must provide assurance over perennial as well as new, increasingly dynamic risks, requiring the function to adapt its approach while maintaining its objectivity and independence.


Tags: Artificial Intelligence (AI)Big DataCloud ComplianceData BreachInternet of Things (IoT)Robotic Process Automation (RPA)
Previous Post

Does the DOD’s MLA Interpretive Rule Really Help Servicemembers?

Next Post

Private Equity in DOJ’s Line of Fire

Malcolm Murray

Malcolm Murray

Malcolm Murray is Research VP and Fellow at Gartner. He works with heads of Audit at Fortune 500 companies to better leverage data analytics, automation and other assurance functions to drive actionable change within their organizations. A Chartered Financial Analyst, originally from Stockholm, Sweden, Malcolm holds an M.Sc. in Business and Economics from the Stockholm School of Economics, an MBA from INSEAD and a Master of International Management from HEC in Paris.

Related Posts

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

DALL·E 2023-02-16 13.18.43 - magritte style painting of robot looking into mirror

A Bot Isn’t Going to Take Your Place, But AI Will Make Your Job Harder

by Jennifer L. Gaskin
March 8, 2023

OpenAI’s splashy ChatGPT rollout has generated untold amounts of text, both directly and indirectly. While much of what’s been written...

cloud computing security

Cloud Security Isn’t Just on Your Provider; It’s Your Job, Too

by Wolters Kluwer
March 1, 2023

Organizations want to embrace all the benefits the cloud has to offer while still protecting their sensitive data. Engaging a...

data breach

Sobering Reality: Drizly Order Indicates Officers May Face Personal Liability for Data Breaches

by Baker Donelson
February 1, 2023

The FTC says Drizly’s CEO James Cory Rellas was alerted to a potential security loophole two years before a data...

Next Post
lying businessman holding cash

Private Equity in DOJ’s Line of Fire

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT