Survey Reveals Top Technology Risks for IT Auditors: Navigating a Risk-Filled Horizon

As technology weaves itself into the fabric of modern business operations, the ever-evolving landscape of risks poses an ongoing challenge. The findings of the 11th annual Global Technology Audit Risks Survey, conducted by Protiviti in collaboration with The Institute of Internal Auditors (IIA), shed light on the pressing concerns occupying the minds of IT auditors and technology professionals.

Over the course of this comprehensive survey, conducted during the second and third quarters of 2023, insights were gathered from more than 550 participants, including senior executives, Chief Audit Executives (CAEs), IT audit directors, and technology professionals. The primary objective was to understand the perspectives of technology audit leaders and practitioners regarding the most critical technology-related risks organizations currently face. Additionally, the study aimed to explore the strategies, tools, and practices used to identify, manage, and mitigate these risks.

Here are the key findings from the survey:

1. Cybersecurity Reigns Supreme:

• Cybersecurity takes the top spot as the most pressing concern, with nearly 75% of all survey respondents identifying it as a high-risk area within the next 12 months.
• A more significant 82% of CAEs and technology audit leaders emphasize cybersecurity as a critical risk. The urgency for leaders and executives is to formulate effective mitigation strategies. As emerging technologies become increasingly integrated into business operations, the potential risks from next-generation cyber threats loom large over the next two to three years.

2. Emerging AI Risks:

• While only 28% of survey participants see AI (including generative AI) and machine learning (ML) as significant threats over the next 12 months, it is clear that AI is rising on the risk horizon. A notable 54% of respondents believe advanced AI systems, including generative AI, will pose substantial risks over the coming two to three years.
• With the wider adoption and integration of AI technologies into business processes, the inherent complexities and uncertainties become more pronounced. Alarmingly, few organizations feel that their level of preparedness or their technology audit groups' proficiency in handling AI, generative AI, and ML risks are currently at acceptable levels.

3. Bridging the IT Talent Gap:

• Addressing cyber- and AI-related risks demands a skilled workforce in these areas, and acquiring such talent is increasingly challenging. The need for organizations to attract, develop, and retain professionals with deep knowledge in these domains is a growing concern.
• Companies must focus on securing the necessary leaders and team members while nurturing and upskilling the existing talent pool. Failing to do so could expose businesses to substantial risks in the face of these evolving threats.

4. Other Noteworthy Threats:

• The audit function also identified other significant risks expected within the next 12 months. These include concerns related to third parties/vendors (60%), data privacy and compliance (58%), and transformations and system implementations (55%).
• These risks are further evidence of the dynamic and diverse nature of challenges facing organizations in the technology landscape.

This report draws upon data collected from a survey conducted between June and July 2023, involving 559 chief audit executives (CAEs) and IT audit professionals representing a diverse range of industries worldwide. It provides organizations with crucial insights into the technological challenges and risks that they must address to protect and enhance their digital operations. As technology continues to be an integral part of business strategies, IT professionals and organizations are required to remain proactive and vigilant, adapting their approaches to address these dynamic challenges and protect their digital infrastructures.