2021 IT Audit Benchmarking Survey
In September/October 2020, ISACA and Protiviti conducted a global survey of more than 7,400 IT audit and risk leaders and professionals to obtain their perspectives on the top technology risks their organizations will face in 2021. We also addressed the impact of the COVID-19 global pandemic as well as ongoing digital transformation efforts.
The results are enlightening, with cybersecurity and privacy issues, regulatory compliance, data, disaster recovery, and other pandemic-driven concerns ranking among the top technology risks for organizations globally. Interestingly, the top technology risk issues are generally consistent across different industries and regions, yet there are noticeable differences between organizations we classify as Digital Leaders and other organizations. The risks, which reflect our current times, provide a clear roadmap for IT audit functions as to where they should focus their attention and energy in 2021.
From their commitment to continual risk assessments to their perception of virtually all technology risk issues to be more significant compared to other organizations, Digital Leaders are able to see their organization in different ways, which is to their advantage.
Our notable findings:
- Security, privacy and resilient technologies dominate the top technology risks – These issues, which already were top-of-mind risks for most organizations, have been heightened by pandemic-driven times of remote work and new business processes, as well as increasing connectivity via the Internet of Things (IoT). The highest-rated risks also represent higher-velocity issues for organizations.
- Digital Leaders stand out – Organizations at a higher level of digital maturity, understanding the need for dynamism in the current business environment, generally view the top technology risks to be more significant compared to other organizations, and they are far more likely to perform continuous audit risk assessments.
- COVID-19 and digital transformation are driving more frequent technology risk assessments – As expected, IT audit groups are refreshing technology risk assessments more frequently in response to pandemic-related impacts and digital transformation-driven changes in the organization.