COVID-19 has reorganized the risk landscape for chief audit executives (CAEs), as CAEs have listed IT governance as the top risk for 2021, according to Gartner, Inc. Analysts said the pandemic is giving rise to new sets of risks while exacerbating long-standing vulnerabilities.
Gartner conducted interviews and surveys from across its global network of client organizations to identify the top 12 risks, or Audit Plan Hot Spots, facing boards, audit committees and executives entering 2021 (see Figure 1). The Audit Plan Hot Spots Report revealed that IT governance is displacing data governance, which was the top entry for 2020 and is in second position for 2021.
"While the pandemic has created new challenges for audit executives to grapple with, what's most notable is how the current environment has accelerated existing risk trends," said Leslee McKnight, research director for the Gartner Audit practice. "The volatility and interconnectedness of the two most important risks, IT and data governance, also shines a light on the importance for firms to rethink their risk governance. Audit leaders should apply dynamic risk governance in order to rethink their approach to designing risk management roles and responsibilities."
Figure 1. Audit Plan Hot Spots Dashboard
While the top three hot spots audit executives must focus on for 2021 all made appearances in last year's list, they have all been altered by the nature of working in the pandemic:
- IT governance: Abrupt work-from-home mandates have accelerated digital roadmaps, causing many organizations to vault years forward in the space of a few weeks. This move has spurred the rapid adoption of new technologies both on the employee and customer side, presenting new challenges to productivity, consumer preferences and guarding against security vulnerabilities. CAEs need to assess how new technology adoption may be hobbling their IT departments' plans, with IT support incident requests doubling in early 2020 to support a huge increase in work-from-home employees. Additionally, managing access rights for many more remote workers presents new risks such as privileged user abuse, which is expected to climb over the next 12 to 24 months according to a Gartner IT executive survey.
- Data governance: The pandemic means that organizations are expected to collect more sensitive personal information from employees and customers than ever before. Yet, data governance practices are regressing, with fewer dedicated resources to data privacy than in previous years. Organizations face increasingly complex data environments where their data is housed. Growth in software-as-a-service (SaaS) and delays to upgrading legacy systems have created work environments where data is distributed across disparate platforms, software and servers. Such complexities continue to test audit executives, with only 45% expressing high confidence in their ability to manage data governance risk.
- Cyber vulnerabilities: Cyber vulnerabilities are especially acute this year, due to the rapid organizational changes needed to protect employees and serve customers in the midst of a pandemic. Despite increased cybersecurity spending, only 24% of organizations routinely follow cybersecurity best practices; this will result in cyberattacks that are expected to cost organizations $6 trillion annually by 2021. Drivers of this risk include lapses in security controls and increased employee vulnerability to social engineering. More than half of employees are currently using personal devices to do work remotely, while 61% have indicated their employer has not provided tools to secure these devices. Additional security lapses include a lack of attention to employees' home network security and status of antivirus software.
"The pandemic is forcing many audit and risk executives to address their organizations' deficiencies in the most critical areas," said Ms. McKnight. "Inadequate data governance and IT security practices will have even steeper consequences in the current environment than pre-pandemic, particularly when considering the types of data many organizations feel compelled to collect as a result of new health and safety measures."
Gartner creates its annual Audit Plan Hot Spots report by combining input from interviews and surveys from across its global network of client organizations and experts. Gartner clients can read more in the Audit Plan Hot Spots report.
Clients interested in Gartner's research on dynamic risk governance can read Dynamic Risk Governance Is the New Risk Mandate.
Nonclients can find more information and download a summary of the report at 2021 Audit Plan Hot Spots Executive Summary.
About the Gartner Audit Practice
The Gartner Audit practice helps audit directors and their teams build plans that drive results, strengthen department capabilities, and minimize exposure to fraud and risk. Learn more at https://www.gartner.com/en/audit-risk.
Gartner, Inc. (NYSE: IT) is the world's leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities today and build the successful organizations of tomorrow.
Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We are a trusted advisor and an objective resource for more than 14,000 enterprises in more than 100 countries across all major functions, in every industry and enterprise size.
To learn more about how we help decision makers fuel the future of business, visit gartner.com.
This news content was configured by WebWire editorial staff. Linking is permitted.