Tackling Technology Risks: What Is Internal Audit's Role? [INFOGRAPHIC]

Jean Loh

A global survey by the Global Internal Audit Common Body of Knowledge (CBOK) identified 10 technology risks that are on the top of every finance executive’s list. Not surprisingly, cybersecurity ranks high. However, also included are organizational and workforce issues that, as we all know, are a bit more painful to address.

  1. Data breaches
    • Conduct annual scans and stress tests and ensure that these are aligned to the company’s crisis management plan. Perform audit of network architecture to ensure compliance.
  2. Insufficient information security
    • Ensure that the company’s information security program is efficient and compliant with standards. Include both cybersecurity and physical security of data in planned internal audits.
  3. High failure rate for IT systems development projects
    • Get involved in new IT developments, performing audits on each development’s lifecycle to ensure proper implementation.
  4. Low level of IT governance
    • Act as a bridge between the business and IT. Perform audits to ensure that IT activities align with the organization’s strategic objectives. Pinpoint risks that may negatively affect the finance function.
  5. Outsourced IT services
    • Get involved in screening vendors and ensure that agreements comprehensively cover points such as business continuity and disaster recovery.
  6. Irresponsible social media use
    • Become a consultant to the business in communicating the risks tied to social media. Incorporate social media audits to planned annual audits.
  7. Growing use of mobile devices
    • Conduct audit of management of lost or stolen devices and confirm that any sensitive information stored is encrypted in order to minimize risk.
  8. Lack of IT skills
    • Fully understand the resources and skill shortages in the company and identify opportunities to fill gaps.
  9. Rapid emerging technologies
    • Provide oversight and guidance regarding risks in adoption of new technology.
  10. Limited awareness of technology of the board
    • Become a bridge and educator about technology and its risks and benefits to the board.

Being proactive and keeping track of relevant technology trends is crucial for internal auditors. Doing this will help them become trusted advisers on how emerging technologies can impact their organizations.

Read the full report here.

To learn more about how finance executives can empower themselves with the right tools and play a vital role in enterprise risk management, visit here.


Jean Loh

About Jean Loh

Jean Loh is the director, Global Audience Marketing at SAP. She is an experienced marketing and communication professional, currently responsible for developing thought leadership content that is unbiased and audience-led while addressing market challenges to illuminate and solve the unmet needs of CFOs, CIOs, and the wider global finance and IT audience.