Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorNewsBreadcrumb SeparatorPress ReleasesBreadcrumb SeparatorNavigating Top 10 Technology Risks

Navigating Top 10 Technology Risks

New CBOK report offers direction on IT governance, cybersecurity, more

ALTAMONTE SPRINGS, Fla. (Aug. 26, 2015) — From battling cyberattacks to protecting customer data, navigating technology risks is a top priority for organizations, and internal auditors are at the forefront of that effort.

A global survey of internal audit practitioners suggests organizations understand the importance of recognizing and responding to tech-related risks, but the size of a company or the level of maturity of the internal audit function often can significantly influence how effectively they handle the risks thrown their way.

A new report from The Institute of Internal Auditors Research Foundation (IIARF) ranks the biggest tech risks and outlines internal audit’s role in managing them. The authors of Navigating Technology’s Top 10 Risks developed the ranking based on data from the CBOK 2015 Global Internal Audit Practitioners survey as well as interviews with chief audit executives (CAEs) and IT specialists from Africa, Latin America, the Middle East, Europe, Canada and the United States.

“The technology risks organizations face today are increasingly complex, and a sophisticated, well-thought-out approach is required to management them,” said IIA President Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. “This new report offers important insight and direction for organizations to examine different risk areas and develop plans for addressing them.”

Not surprisingly, cybersecurity ranks at the top of the list. More than 70 percent of CBOK survey respondents consider the risk of a data breach as extensive or moderate, which jumps to 82 percent among IT specialist. What is surprising was how significantly internal audit’s role in cybersecurity varies, depending on the size of the organization. For smaller organizations (fewer than 1,500 employees), half report minimal or no cybersecurity-related audits. For larger organizations, four in 10 report extensive internal audit activity related to cybersecurity.

Beyond IT and information security issues, the report also tackles social media, mobile computing, IT skills among internal auditors, and building awareness of technology issues among board and audit committee members.

Authors Philip E. Flora, CIA, CISA, CFE, CCSA, and Sajay Rai, CPA, CISSP, CISM, urge internal auditors to be proactive in identifying emerging technologies that could impact their organization and to remain flexible in order to quickly adapt to changes in the technology landscape.

The report is the latest offering of more than two dozen planned through July 2016 based on data collected in the CBOK survey. The Global Internal Audit Common Body of Knowledge (CBOK) is the world’s largest ongoing study of the internal audit profession, including studies of internal audit practitioners and their stakeholders. More than 14,000 internal audit professionals from 166 countries and territories responded to the practitioner’s survey completed earlier this year.