TOP TECHNOLOGY CHALLENGES AND THE RELATIONSHIP TO THE AUDIT PLAN ISACA/Protiviti 6 th Annual IT Audit Benchmarking Survey March 15, 2017 Webinar
A REMINDER 1 We are recording today s webinar and it will be available for ondemand viewing following the live event. 2 If you are experiencing technical difficulties during the webcast, let us know by submitting questions through the Q&A area of your screen. 3 We encourage you to submit your questions throughout the webcast. We will address as many questions as possible during the dedicated Q&A event. 2
CPE CREDIT We are offering 1.0 CPE credit for this 60-minute webinar. To be eligible to receive this credit, please ensure you answer at least three (3) out of the four (4) polling questions. You will receive the CPE certificate via email approximately two (2) weeks after the webinar date. Conference Dial-In Numbers: Code #: 13657493 Participant (Toll-Free): 866-604-1616 Participant (Toll): 201-689-8043 3
TODAY S SPEAKERS Ed Moyle Ed is currently Director of Thought Leadership and Research for ISACA. Prior to joining ISACA, Ed was senior security strategist with Savvis and a founding partner of the analyst firm Security Curve. In his 20 years in information security, Ed has held numerous positions including: senior manager with CTG's global security practice, vice president and information security officer for Merrill Lynch Investment Managers, and senior security analyst with Trintech. Ed is co-author of Cryptographic Libraries for Developers and a frequent contributor to the Information Security industry as author, public speaker, and analyst. Emoyle@isaca.org 4
TODAY S SPEAKERS Gordon Braun Gordon is a Managing Director at Protiviti where he leads the Kansas City office and the global IT audit practice. For over seventeen years, Gordon has been providing risk consulting services across several industries. He is an active leader of Protiviti s central region internal audit practice and has a particular focus on assisting clients with the assessment and management of business risks associated with the deployment and maintenance of technology. Gordon has served as an engagement leader on multiple outsourced and co-sourced internal audit engagements. Gordon.Braun@protiviti.com 5
TODAY S SPEAKERS David Brand David is a Managing Director and market leader in Protiviti s Atlanta office. He also leads Protiviti s southeast region. He has over 20 years experience working with companies across multiple industries in the areas of IT auditing, computer-assisted auditing techniques, audit formation, risk assessments and audit committee reporting. David.Brand@protiviti.com 6
OUR JOINT STUDY 6th Annual IT Audit Benchmarking Survey The IT audit function has never held a more crucial role. From substantial cybersecurity, privacy and infrastructure challenges and management issues to the implementation of new technologies in the organization, IT auditors work closely with management and the board of directors to fulfill a vital role in helping maintain an effective control environment amid a changing business climate and dynamic global marketplace. The results of the latest IT Audit Benchmarking Study from ISACA and Protiviti illustrate the increasingly integrated role IT audit leaders and professionals are assuming in regard to technology initiatives in their organizations. 7
AGENDA FOR TODAY 1 ISACA and Protiviti partnered to conduct the sixth annual IT Audit Benchmarking Survey in the third quarter of 2016. 2 This global survey, conducted online, consisted of a series of questions covering five categories: Today s Top Technology Challenges Audit s Involvement in IT Implementation Projects IT Audit in Relation to the Internal Audit Department Assessing IT Risks Audit Plan Skills and Capabilities 8
AGENDA FOR TODAY 3 More than 1,000 executives and professionals, including chief audit executives as well as IT audit vice presidents and directors, completed the online questionnaire. 4 Today we will discuss: Key findings from the 6th Annual IT Audit Benchmarking Survey The top 10 technology challenges surfaced by the benchmarking participants How do these technology challenges relate to the internal audit plan? 9
KEY FINDINGS FROM THE IT AUDIT BENCHMARKING SURVEY
KEY FINDING #1 CYBERSECURITY CYBERSECURITY IS VIEWED AS THE TOP TECHNOLOGY CHALLENGE 01 This has been a highly ranked challenge in our prior years surveys, but still has increased in the importance and clearly is the top-of-mind concern for IT audit leaders and professionals. These results are consistent with the results of Protiviti s annual survey of technology leaders, which show that IT security and incident response capabilities dominates the priority lists for CIOs. 11
KEY FINDING #2 EXECUTIVE-LEVEL INTEREST THERE APPEARS TO BE MORE EXECUTIVE-LEVEL INTEREST IN IT AUDIT 02 A majority of IT audit leaders are regularly attending audit committee meetings, and many more are reporting directly to the CEO (though this reporting relationship may not be ideal). There also is more audit committee involvement in the IT audit risk assessment process. 12
KEY FINDING #3 CAE LEADERSHIP MORE CAES ARE BEGINNING TO CARRY LEADERSHIP FOR IT AUDIT DIRECTLY 03 CAEs are becoming increasingly IT-literate and appear to be taking on the daily management and leadership of the IT audit function, especially given technology s importance and risk level in most organizations. This is a positive trend as it provides the IT audit function and responsibilities with greater visibility. 13
KEY FINDING #4 KEY TECHNOLOGY PROJECTS MOST IT AUDIT SHOPS HAVE SIGNIFICANT OR MODERATE LEVEL INVOLVEMENT IN KEY TECHNOLOGY PROJECTS 04 While it is encouraging to find some involvement in the early stages of a project such as planning and design, IT audit functions are more frequently involved post-implementation. Given that a strong majority of organizations have implemented a new IT system or application within the past three years, there likely are opportunities for IT audit to become more involved earlier on with these initiatives. 14
KEY FINDING #5 IT AUDIT RISK ASSESSMENTS MOST PERFORM IT AUDIT RISK ASSESSMENTS, THOUGH A MAJORITY DO SO ANNUALLY OR LESS FREQUENTLY 05 Considering the growing risk landscape resulting from cybersecurity threats and merging technologies, more organizations should consider an approach that includes continually reviewing the IT risk landscape and adjusting IT audit plans accordingly. 15
TOP TECHNOLOGY CHALLENGES AND THE RELATIONSHIP TO THE AUDIT PLAN
TODAY S TOP TECHNOLOGY CHALLENGES 01 IT security and privacy/cybersecurity 06 Budgets and controlling costs 02 Infrastructure management 07 Cloud computing/virtualization 03 Emerging technology and infrastructure changes transformation, innovation, disruption 08 Bridging IT and the business 04 Resource/staffing/skills challenges 09 Project management and change management 05 Regulatory compliance 10 Third-party/vendor management 17
TODAY S TOP TECHNOLOGY CHALLENGES 01 IT SECURITY AND PRIVACY/CYBERSECURITY PRIOR YEAR RANK: #2 HOW DOES THIS IMPACT THE AUDIT PLAN? The global risks in this area have never been higher, and the magnitude is almost certain to intensify in the months and years to come. Cybercriminal activity against global companies surged in the past year, and there are growing signs suggesting that a form of global cyberwar has commenced. 18
TODAY S TOP TECHNOLOGY CHALLENGES 02 INFRASTRUCTURE MANAGEMENT PRIOR YEAR RANK: #4 HOW DOES THIS IMPACT THE AUDIT PLAN? IT infrastructure management has become a major challenge for organizations, particularly those that have aging cores of outdated information systems. A growing number of these organizations are electing to modernize their aging cores to achieve both increased agility and significant long-term savings in costs and resources. 19
TODAY S TOP TECHNOLOGY CHALLENGES 03 EMERGING TECHNOLOGY AND INFRASTRUCTURE CHANGES TRANSFORMATION, INNOVATION, DISRUPTION PRIOR YEAR RANK: #1 HOW DOES THIS IMPACT THE AUDIT PLAN? The most common drivers of transformational initiatives often include new functionality, cost optimization, operational improvement, adoption of emerging technology, and alignment between the IT organization and the business. It is important to understand IT transformation obstacles in the context of the unique challenges for your organization and industry. 20
TODAY S TOP TECHNOLOGY CHALLENGES 04 RESOURCE/STAFFING/SKILLS CHALLENGES PRIOR YEAR RANK: #3 HOW DOES THIS IMPACT THE AUDIT PLAN? In today s market, it s a challenge to find qualified and experienced IT auditors, and talent levels are below where many organizations want them to be. Not only was this noted by respondents as one of today s top IT challenges, this is supported in numerous results within the survey. 21
TODAY S TOP TECHNOLOGY CHALLENGES 05 REGULATORY COMPLIANCE PRIOR YEAR RANK: #9 HOW DOES THIS IMPACT THE AUDIT PLAN? Increasing, and increasingly sophisticated, cyberattacks will likely result in more regulations and oversight, as governments and regulatory authorities seek to bolster protections of consumer and organizational data. This is especially an issue for organizations in highly regulated industries. 22
TODAY S TOP TECHNOLOGY CHALLENGES 06 BUDGETS AND CONTROLLING COSTS PRIOR YEAR RANK: #10 HOW DOES THIS IMPACT THE AUDIT PLAN? IT budgets are rising. Investments in running IT operations and maintaining technology through the business consume large portions of IT budgets, often followed by investments in improvements and innovation, security and compliance. 23
TODAY S TOP TECHNOLOGY CHALLENGES 07 CLOUD COMPUTING/VIRTUALIZATION PRIOR YEAR RANK: #5 HOW DOES THIS IMPACT THE AUDIT PLAN? Cloud adoption and virtualization will continue to take place in the coming years. The widespread adoption of infrastructure as a service, software as a service and platform as a service will require significant planning and changes. 24
TODAY S TOP TECHNOLOGY CHALLENGES 08 BRIDGING IT AND THE BUSINESS PRIOR YEAR RANK: #6 HOW DOES THIS IMPACT THE AUDIT PLAN? Technology risk is a significant component of critical enterprise risks. It is important that internal audit understand the technologyrelated risks that present threats to the business model. Audit should follow these developments closely because of the potential audit and disclosure implications they may have. 25
TODAY S TOP TECHNOLOGY CHALLENGES 09 PROJECT MANAGEMENT AND CHANGE MANAGEMENT PRIOR YEAR RANK: #7 HOW DOES THIS IMPACT THE AUDIT PLAN? In organizations today, there is a growing number of critical initiatives underway as they undergo the types of IT transformation, cloud, digitization and big data projects. However, there are significant roadblocks, both technological (legacy systems and processes) and cultural (change management problems and skills gaps) in nature. 26
TODAY S TOP TECHNOLOGY CHALLENGES 10 THIRD-PARTY/VENDOR MANAGEMENT PRIOR YEAR RANK: NA HOW DOES THIS IMPACT THE AUDIT PLAN? Organizations that rely on IT service providers have found that they must increase the maturity of their vendor management processes. Managing infrastructure is changing as operations and services shift to the cloud. 27
ARE THESE TOP TECHNOLOGY CHALLENGES ADDRESSED IN THE AUDIT PLAN? 01 IT security and privacy/cybersecurity 06 Budgets and controlling costs 02 Infrastructure management 07 Cloud computing/virtualization 03 Emerging technology and infrastructure changes transformation, innovation, disruption 08 Bridging IT and the business 04 Resource/staffing/skills challenges 09 Project management and change management 05 Regulatory compliance 10 Third-party/vendor management 28
QUESTIONS? 29
THANK YOU FOR ATTENDING Visit www.protiviti.com/itauditsurvey to download the publication. Visit www.isaca.org/2017itauditstudy to download the publication. 30