Financial losses from social media are among the top concerns of internal auditors, according to a new survey.
The survey, by the consulting firm Protiviti, found that internal auditors’ most important concerns related to social media risks include not only financial losses, but also interruptions in business continuity, loss of intellectual property, loss of employee property, viruses and malware.
The annual survey found that 47 percent of the more than 600 internal auditors it surveyed said they do not include cybersecurity risk related to social media in their audit plans.
Despite some signs of progress, this year’s survey results suggest companies need to make drastic improvements. For organizations that do have social media policies, significant concerns remain as many still fail to address critical issues. For example, in cases where respondents said a social media policy is in place, survey results indicated that nearly 30 percent fail to address disclosure of employee information, while only 66 percent address information security.
“It’s clear based on the survey results that companies are not doing enough to address social media risks and safeguards, and in turn are facing undue exposure to significant risks to their business,” said Protiviti executive vice president of global internal audit Brian Christensen in a statement. “These results should persuade the board, executive management and CAEs to take a more active and vigilant approach to managing social media risks.”
Internal audit professionals who responded to the survey assessed their competency in 49 areas of technical knowledge and then indicated whether they believe their knowledge is adequate or needs improvement. Based on the findings, Protiviti found that the top areas for technical knowledge improvement are:
1. Mobile applications
2. NIST Cybersecurity Framework (a new addition to the survey)
3. Social media applications
4. Cloud computing
5. Data analysis technologies
Survey respondents also evaluated 35 areas of audit process knowledge in terms of where they need to improve. The top priorities are:
1. Computer-assisted audit tools
2. Data analysis tools for data manipulation
3. Data analysis tools for statistical analysis
4. Auditing IT using new technologies
5. Data analysis tools for sampling
The results demonstrated that internal auditors are intent on improving the way they leverage technology, with a focus on methods for continuous monitoring and auditing, as well as advanced data analysis techniques. The survey also indicated a desire to improve and become more proactive in dealing with technology-related risks by auditing IT security more effectively and improving approaches to fraud monitoring.
Survey findings about personal skills and capabilities demonstrated a growing desire for internal auditors to work more collaboratively within the internal audit function and throughout their companies. In particular, chief audit executives identified the importance of communicating the role and importance of the audit function to internal and external partners.
The complete report is available at http://www.protiviti.com/IAsurvey.