New study by Protiviti and ISACA underscores security risks looming large in today’s dynamic threat landscape
门洛帕克,加州. – A new survey conducted by Protiviti and ISACA found that cybersecurity is the chief risk for IT audit departments, with several related risks such as privacy and data as well as regulatory compliance also ranking as top concerns.
Responses to this year’s edition of the annual technology and audit benchmarking survey, 题为“IT审计对当今顶级技术风险的看法”,” indicate that IT audit teams are perceiving the current technology risk landscape as much more threatening than in the past. 与战争有关的网络攻击正在上升, the surge of sophisticated ransomware attacks is ongoing and remote work continues to subject many organizations to new cybersecurity risks. 然而,尽管担忧加剧, the survey revealed that one in five organizations do not expect their 2022 audit plans to address the risk of cybersecurity breaches.
“Given the increasingly complex and rapidly changing technology risk landscape we’re in, it’s imperative for IT audit leaders to understand they are responsible for maintaining a holistic view of IT risks impacting the entire organization,安吉洛·普里卡科斯说, a managing director at Protiviti and global leader of the firm’s Technology Audit practice. “This requires tech-enablement from an audit standpoint and regular calibration of risk assessments to suit the current environment, rather than ‘rinsing and repeating’ the work from previous years.”
“The elevated cybersecurity concerns evidenced in this year’s survey underscore that cyber threats are no longer concentrated within specific industries. 这是一个与行业无关的问题, 每个组织都应该动员起来保护自己. While IT audit teams may not be on the front lines managing these risks, it’s essential that they take a proactive approach to regularly assess the efficacy of these efforts while confirming the proper controls and protections are in place,普里卡科斯补充道.
2022年的十大IT审计风险
The survey asked respondents to rate the significance of 39 technology risk issues. Of those, the top 10 IT audit risks identified were as follows:
- Cyber breach
- 管理安全事件
- Privacy
- 监控法规遵从性
- Access risk
- Data integrity
- 灾难恢复
- 数据治理
- 第三方风险
- 监控/审核IT、法律和法规遵从性
The top risks cited in this year’s survey highlight the vital yet sensitive role that data plays in organizations today, with respondents expressing significant concerns regarding the way in which data is gathered, 受管理和担保. Respondents also demonstrated that IT audit professionals are acutely aware of the evolving compliance requirements facing their organizations, 与数据管理相关, 行业标准, 以及国家和地区的要求.
“全球都在关注数据监管, it may be easy to view data solely through a lens of compliance,保罗·菲利普斯说, ISACA director of Event Content Development and Risk Professional Practice lead. “However, consumer concern with how their data are used and stored and other operational matters that can quickly become reputational matters must not be discounted. As IT auditors assess risk and evaluate controls associated with data, the tremendous organizational value (and responsibility) of data and the importance of trust should always be top of mind.”
这份基准报告是基于一项调查, 该项目将于2021年第四季度投产, of over 7,500名IT审计领导和专业人员, including chief audit executives (CAEs) and IT audit vice presidents and directors, 代表着全球范围内广泛的行业. 这项调查是与 ISACA, a global professional association of more than 165,000 digital trust professionals.
可用的调查资源
“IT Audit Perspectives on Today’s Top Technology Risks” is available for complimentary download, along with an infographic and podcast about the survey results, here. 2022年7月28日上午11点.m. PDT, Protiviti will host a free one-hour webinar to further explore the implications of the survey. 主讲人将是Poulikakos, 菲利普斯和梅芙·拉克, Protiviti技术审计部门的主管. 请登记 here 参加网络研讨会.
About Protiviti
Protiviti (www.protiviti.com)是一家提供深厚专业知识的全球咨询公司, 客观的见解, 量身定制的方法, and unparalleled collaboration to help leaders confidently face the future. Protiviti and its independent and locally owned Member Firms provide clients with consulting and managed solutions in finance, technology, operations, data, digital, legal, governance, risk and internal audit through its network of more than 85 offices in over 25 countries.
Named to the 2022年财富100强最适宜工作的公司® 在美国,Protiviti已经服务了超过80%的公司 Fortune 百分之一百和将近百分之八十 Fortune 500 companies. 该公司还与较小的公司合作, 越来越多的公司, 包括那些打算上市的公司, 还有政府机构. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). 罗致恒富成立于1948年,是S&P 500 index.
About ISACA
ISACA® (m44kmbbu.sceduc.net) is a global community advancing individuals and organizations in their pursuit of digital trust. 50多年了, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, 培训和澳门赌场官方下载发展他们的事业, 改变他们的组织, 建立一个更可信、更有道德的数字世界. ISACA is a global professional association and learning organization that leverages the expertise of its more than 165,000 members who work in digital trust fields such as information security, governance, assurance, risk, 隐私和质量. It has a presence in 188 countries, including 225 chapters worldwide. 通过其基金会One In Tech, ISACA supports IT education and career pathways for underresourced and underrepresented populations.
Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews
Media Contacts
Bridget Drufke, bdrufke@sceduc.net, +1.847.660.5554
Kathy Keller, kathy.keller@protiviti.com, +1.408-808-3242
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
编者注:照片可按要求提供.
