More than 90 percent of internal audit leaders say their departments understand the risks associated with cybersecurity and a majority are providing some support to their organizations. However, few are comprehensively addressing the risks, according to new findings released by The Institute of Internal Auditors.
Meanwhile, nearly half of the organizations surveyed have made investments to effectively manage big data, and culture remains an underlying cause of governance problems, according to the survey.
“Internal Audit must continue to focus on key emerging issues, particularly technology and organizational culture,” said IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. “While the profession is making clear strides, there remain opportunities for improvement as internal auditors work to more comprehensively address technology risks associated with cybersecurity and big data, as well as the risks associated with culture.”
Survey results were based on 2,254 responses of internal audit professionals from 111 countries and territories. Fifty-two percent of respondents are the highest-ranking member of the internal audit department, or directors/senior managers reporting to the CAE.
While survey respondents overwhelmingly indicate their understanding of cyber risks, one in four reported that they have not audited cybersecurity in their organizations.
A solid majority of internal audit leadership (89 percent) agree that their internal audit department understands the risks associated with organizational culture, but only about one-quarter (28 percent) say they are actually auditing culture.
Many are now saying that, for internal audit to be truly effective, it needs to elevate its profile and be viewed across the organization as a “trusted adviser.”
However, the majority (66 percent) of internal audit leaders reported not often being asked to participate in major organizational change initiatives, and nearly one third are never invited to join a full board meeting. Only 26 percent of CAEs said they believe they are perceived as a member of executive management, according to the survey.
“The next wave of evolution has arrived: that of elevating to trusted adviser status,” Chambers said. “The road ahead will require a dedicated effort, as well as changing dynamics in terms of valued skills and coveted talents. It is a path that internal audit’s stakeholders are beginning to recognize and embrace.”