Internal audit professionals are making progress in meeting cybersecurity and data privacy standards, according to a new report, but a great deal of work remains, with many of the surveyed organizations rating themselves as less than “very effective” at addressing their cybersecurity risks.
The report, from the consulting firm Protiviti, found a clear, positive correlation between a high level of board engagement in information security (30 percent of respondents) and an organization’s ability to acceptably manage cybersecurity risk.
More than half (53 percent) of respondents to the survey noted that cybersecurity evaluation has been included in their current audit planning. Of those organizations, 60 percent have used the NIST Cybersecurity Framework to measure and evaluate existing programs.
IT audit professionals are focused on making improvements in the areas of auditing IT security, computer-assisted audit tools, marketing internal audit internally, and monitoring fraud.
“Across the globe, businesses are continuing to experience cybersecurity issues, challenges and breakdowns,” said Brian Christensen, executive vice president of global internal audit and financial advisory at Protiviti, in a statement. “Our survey shines a light on the evolving set of challenges faced by internal audit professionals as they work to incorporate cybersecurity frameworks into business processes. Those professionals who continue to engage board members and define cybersecurity measures within their annual audit plans will be poised to effectively mitigate future threats.”
More than 800 internal audit professionals, including chief audit executives, participated in Protiviti's ninth annual survey to assess the top priorities for internal audit functions. Along with a review of cybersecurity management and processes, the survey assessed general technical knowledge, audit process knowledge, and personal skills and capabilities.
The full report, “From Cybersecurity to Collaboration: Assessing the Top Priorities for Internal Audit Functions,” with survey results and analysis is available at
