Internal auditors challenged by cybersecurity, data quality

By Ken Tysiac

About half of internal audit leaders lack confidence in their staffs’ cybersecurity expertise, and nearly half say internal audit has little or no involvement in evaluating the quality of data used in their organization, according to a new survey.

Fifty-two percent of the nearly 500 respondents to The Institute of Internal Auditors (IIA) North American pulse survey said that a lack of cybersecurity expertise among internal audit staff very much or extremely affects internal audit’s ability to address cybersecurity risk.

Just one-quarter of respondents who reported having a business continuity plan said their plan provides clear, specific procedures in response to a data breach. And 17% said their plans provide no data breach or cyberattack procedures at all.

With regard to cybersecurity, internal audit organizations primarily are focused on prevention. More than half (53%) of respondents said prevention efforts, such as hardening interior or external barriers, are the most effective method for addressing a cyberattack.

“In the face of a cyberattack, addressing business continuity and reputational risk are paramount, yet few organizations are taking time to think beyond prevention,” IIA President and CEO Richard Chambers said in a news release. “The IIA has been promoting cyber resiliency—the concept of addressing the full spectrum of prevention, detection, reaction, and restoration—for some time, so these findings are particularly alarming.”

Meanwhile, 47% of respondents said internal audit is slightly or not at all involved in evaluating the quality of data used in their organization. Nearly one-quarter (23%) said they are slightly or not at all confident in their organizations’ data-based strategic decisions.

Other findings

  • The percentage of internal audit chiefs who report functionally to the audit committee or board of directors has risen (83%, up from 76% in 2013).
  • More than one-third (35%) project increases in their next internal audit budget, and more than half (55%) expect their next budget to remain the same as the current budget.
  • One-fourth expect internal audit staffing to increase, and 71% project that staffing will remain the same.

Ken Tysiac (ktysiac@aicpa.org) is a JofA editorial director.

SPONSORED REPORT

How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.

VIDEO

Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

QUIZ

News quiz: Scam email plagues tax professionals—again

Even as the IRS reported on success in reducing tax return identity theft in the 2016 season, the Service also warned tax professionals about yet another email phishing scam. See how much you know about recent news with this short quiz.