top of page

Cyberthreats and IT Governance Are Top Concerns for Auditors in 2023

  • Gartner Says Cyberthreats and IT Governance Are Top Concerns for Auditors in 2023

  • Annual Audit Plan Hot Spots Report Identifies Top 12 Risk Areas for 2023



Cyberthreats and IT governance are top risk areas for internal auditors to address in their audit plans for 2023, according to Gartner, Inc. The Gartner 2023 Audit Plan Hot Spots Report identifies the top 12 risk focus areas for Chief Audit Executives (CAEs) to help them identify risks to their organizations and plan audit coverage for 2023.


“Cyberthreats remain a perennial concern for CAEs, yet the drivers of this risk have evolved as a result of new geopolitical conflicts and the heightened prospect of state-sponsored attacks,” said Leslee McKnight, vice president for the Gartner Legal, Risk and Compliance practice. “Mitigation plans need to be revisited to reflect the evolution of the risk and prepare the organization to meet increasingly stringent disclosure requirements in the event of a breach.”


Adjacent hot spots, such as ensuring adequate IT governance and third-party risk management, contribute to a challenging outlook for mitigating the full array of potential cyberthreats facing organizations in 2023. While most CAEs indicated they planned to address cybersecurity in their plans next year, only 42% of survey respondents expressed a high level of confidence in their ability to provide adequate assurance in this area.


Gartner’s annual report is based on a survey of 112 CAEs completed in August 2022, additional structured interviews with CAEs and IT Audit leaders, as well as data and insights generated from cross-functional Gartner research throughout 2022. The top risk focus areas identified from this process are listed below.


2023 Audit Plan Hot Spots

  • Cyberthreats

  • IT Governance

  • Data Governance

  • Third-Party Risk Management

  • Organizational Resilience

  • Environmental, Social and Governance (ESG)

  • Supply Chain

  • Macroeconomic Volatility

  • Workforce Management

  • Cost Pressures

  • Culture

  • Climate Degradation


Rethinking Resilience


Three key themes drove the risks this year including a “renationalization of resources” and a “triple squeeze” of growing cost pressures, supply chain risks and labor scarcity. The final theme, the need to “rethink organizational resilience,” is unique as its own distinct risk area and a driver of a multitude of other risks.


The ability to withstand crises and disruptions may become more critical next year, and many organizations still take a limited view of resilience, mostly focused on business continuity and IT disaster recovery. This narrow view of resilience fails to account for additional risks impacting resilience including greatly increased economic volatility and impacts from climate degradation.


“Rethinking resilience is a key theme that underlies a diverse set of risks facing organizations in 2023, including economic volatility, climate degradation and third-party risk management,” said McKnight. “Currently less than one third of audit leaders are highly confident in their team’s ability to provide assurance over organizational resilience risk, and more concerning, less than half plan to cover organizational resilience in audit activities in the coming year.”


McKnight further noted that the increasingly interconnected risk landscape increases the chances for cascading risks, where one risk causes additional risks to manifest for an organization, a scenario that few organizations are actively planning against today.


Gartner's hot spots research enables audit departments to do the following:


1. Benchmark Audit Plan Coverage

Compare, validate and further examine audit plan coverage.

2. Educate the Audit Committee

Educate the audit committee on the current risk trends that affect global organizations.

3. Drive Audit Team Discussions

Enable audit teams’ discussions during audit engagement planning and scoping.

4. Assess Key Risks

Determine appropriate questions to ask management during risk assessment and audit scoping.



You can complete free registration to read more in 2023 Audit Plan Hot Spots.

1 view0 comments

Comentarios


connexion_panel_edited.jpg
CXO_8-in-1.png
subscribe_button.png
bottom of page