Risks surrounding data and analytics are the primary concerns of chief audit executives (CAEs) for 2019, said Gartner on Thursday.
Based on a survey of 144 CAE clients, Gartner said it has identified the major risks that boards, audit committees and executives need to prepare for in the coming year.
The pursuit of digital business models to drive growth has increased the amount of data collected and processed by businesses at a time when public and regulatory scrutiny is very high, and this has led to heightened risks around data governance, which CAEs plan to watch closely, Gartner pointed out.
“Companies face major challenges in applying proper data governance, maximizing the value they get from data, and complying with the fragmented data regulation landscape,” said Malcolm Murray, vice president of audit research at Gartner. “Recent high-profile data breaches and increased public attention have raised the stakes for organizational accountability, and it’s only going to get tougher in 2019.”
Data governance, third parties, and data privacy
According to him, the top data and analytics risks that will concern audit executives in 2019 include data governance, third parties, and data privacy.
New data privacy regulations such as GDPR and high-profile breaches have expanded the compliance, financial and reputational risks of data usage and protection, but only 37% of organizations have formal data governance frameworks in place, said the advisory firm.
Companies can develop a data governance framework by first creating an inventory of data assets across the business and establishing a data classification policy, Gartner advised, adding that they should review data analytics training and talent assessments.
Third parties amplify exposure to operational and regulatory risks
In addition, as companies increasingly rely on partnerships for digital initiatives, they are expanding their reliance on third parties — and fourth and fifth parties, if not even more, Gartner pointed out.
This amplifies their exposure to operational and regulatory risk, the advisory firm said.
While nearly 70% of CAEs report third-party risk as one of their top concerns, many organizations still struggle to account for and manage it, according to survey results.
To help mitigate this risk, organizations must increase visibility into the operations of third parties and strengthen their focus on third parties’ information security behaviors, Gartner said.
“Internal audit teams can help by evaluating third-party contracts and compliance efforts, as well as investigating regulatory requirements for third-party data handling,” Murray said.
Data privacy: GDPR compliance remains a challenge
As recent high-profile security breaches show their negative impact, data privacy has become a top concern for organizations across the board, said Gartner.
In response to GDPR enforcement uncertainty, companies must expedite implementation of GDPR mandates — such as transparency, consent and breach reporting — or risk regulatory fines and other sanctions, Gartner advised.
The firm predicts that more than half of companies affected by GDPR will not be in full compliance with it by the end of 2018.
“Data-related risks continue to evolve, and CAEs have a key role to play in helping companies implement clear frameworks and repeatable processes to navigate this ever-changing threat landscape,” Murray noted.
In addition to data and analytics, other risk themes CAEs are watching closely for 2019 include IT vulnerabilities, risks stemming from cost and growth pressures, and the vastly shortened planning horizon that executives face, the advisory firm said.