Protiviti Internal Audit Capabilities and Needs 2016 Survey Report
-
Upload
jennyhollingworth -
Category
Business
-
view
117 -
download
1
Transcript of Protiviti Internal Audit Capabilities and Needs 2016 Survey Report
Stakeholders in the C-suite and boardroom, and throughout the organization, rely on their internal audit functions to provide assurance- and compliance-related activities. But increasingly these contributions represent just the tip of the iceberg. Amid ongoing business transformation, internal audit is monitoring cybersecurity risks lurking just beneath the surface, while also focusing on emergingtechnologies and the organization’s long-term strategy.
For more information, visit Protiviti.com/IASurvey.© 2016 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans.
Protiviti is not licensed or registered as a public accounting firm anddoes not issue opinions on financial statements or offer attestation services.
Arriving at Internal Audit’s Tipping PointAmid Business Transformation
Top 10 Internal Audit Priorities for 2016*
1. ISO 27000 (information security)2. Mobile applications3. NIST Cybersecurity Framework4. GTAG 16 – Data Analysis Technologies5. Internet of Things6. Agile risk and compliance7. ISO 14000 (environmental management)8. Data analysis tools – statistical analysis9. Country-specific ERM framework10. Big data/business intelligence
Top 10 Priorities for CAEs in 2016
1. Big data/business intelligence2. ISO 31000 (risk management)3. ISO 9000 (quality management and quality assurance)4. GTAG 17 – Auditing IT Governance5. Continuous monitoring6. Auditing corporate culture7. Marketing internal audit internally8. Quality assurance and improvement program 9. Fraud – management/prevention10. Auditing IT – continuity
Percentage of companies that have received inquiries from customers, clients or insurance providers about the organization’s stateof cybersecurity
Percentage of organizations, by level of boardengagement in information security risks, in which
there are specific areas of cybersecurity risk that are notaddressed sufficiently due to lack of software tools:
High level of board engagement
Lower level of board engagement
Organizationsevaluating and auditing
cybersecurity risk as partof their audit plan:
2016
73%2015
53%
Organizations with a cybersecurityrisk strategy and policy in place
Strategy 88% 59%
Policy 83% 53%
CybersecurityPart of Audit Plan
Cybersecurity NotPart of Audit Plan
* Overall survey response