IT Auditors Still Have a Ways to Go to Secure Systems
A recent survey from Protiviti and ISACA found that 37 percent of businesses have yet to cybersecurity in their audit plans.
April 12, 2018 at 10:34 AM
3 minute read
|
Organizations have responded the current cybersecurity landscape with a great deal of anxiety and thought, but often not a whole lot of follow through. That may, however, be changing.
A new survey co-authored by consulting services group Protiviti and information management systems professional organization ISACA found that while awareness and concern around cybersecurity is increasing overall, 37 percent of businesses did not address cybersecurity in their 2018 audit plans. The study polled over 1,300 IT audit professionals and executives across the globe.
Andrew Struthers-Kennedy, managing director for Protiviti's global IT audit practice, noted that while these numbers perhaps aren't where they should be, they continue to increase year over year.
Struthers-Kennedy attributed a lot of the shift to the rapid growth of data aggregation and usage in organizations. IT audit leaders are increasingly managing third-party vendor audits and internal information governance regimes rife with data of varying kinds.
“Both of those are a function of the changes some organizations are undertaking. They're moving services to third parties or cloud providers, they're providing technologies that are capturing and creating vast numbers of data elements, they're looking to use those data elements to drive decision-making,” Struthers-Kennedy said.
With the influx of data comes a whole set of new competencies that IT auditors are responsible for managing, from big data analytics to internet of things-wired devices (IoT). The survey found that although most organizations continue to run audits with exclusively internal staff, growing numbers of IT audit teams in all global regions are working with external teams or outside consultants to co-source their cybersecurity audits.
Struthers-Kennedy sees IT teams looking most to subject matter experts to address some of these newer data types. “Co-sourcing, I think it's just necessary in today's environment where there's such a high demand for technology resources of all types,” he said.
There are certainly plenty of places that Struthers-Kennedy sees potential room for IT auditors to improve their work. Developing stronger lines between IT auditors and third-party vendors and their business partners can be a way to clamp down on the risk of third-party data breach. “They need to be engaging with business partners a little more actively, so they can be a real-time risk adviser,” he suggested.
Additionally, while organizational leadership and boards of directors are starting to show more interest in technology and cybersecurity concerns overall, Struthers-Kennedy sees potential for corporate leaders to grow their knowledge bases. A recent study from law firm Fox Rothschild found that 27 percent of chief legal officers and in-house counsel never report to their directors on cybersecurity and data privacy. Indeed, the majority of respondents to the Protiviti and ISACA survey reported that their boards showed medium engagement and levels of understanding.
Struthers-Kennedy said most IT auditors report to audit directors, who translate those messages on to boards. Those boards, he said, should likely be able to understand and engage meaningfully with those technical reports. “This is not just an auditor responsibility but a management responsibility, but part of it is educating management and the board,” he said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250