Press Release


STAMFORD, Ct., November 9, 2021

Gartner Says Ransomware and Long-Term Economic Effects from COVID-19 Are Top Issues for Auditors in 2022

Analysts Identify the 12 Audit Plan Hot Spots for Next Year

Ransomware and the long-term effects of COVID-19 on markets and organizations are key items to cover in 2022 audit plans, according to Gartner, Inc. The Gartner 2022 Audit Plan Hot Spots report also identified evolving societal expectations for enterprises, such as environmental, social and governance (ESG) risks, and operational resilience as top risk areas for 2022.

“Ransomware attacks have become increasingly prevalent and sophisticated,” said Zachary Ginsburg, research director for the Gartner Audit and Risk practice. “They are becoming a top focus for both boards and management.”

Audit concerns about other digital and IT risks, such as data and analytics and IT governance, also reflect the increased importance of digital capabilities in the wake of COVID-19, and the need for rigorous assurance over associated risks. Many of the 12 risk hot spots – such as economic uncertainty, workforce management, and business continuity – relate to the ongoing effects of the COVID-19 pandemic.

2022 Audit Plan Hot Spots

  • Ransomware
  • Data and Analytics Governance
  • Digital Business Transformation
  • IT Governance
  • Third Parties
  • Business Continuity and Organizational Resilience
  • Environmental, Social and Governance (ESG)
  • Supply Chain
  • Strategy Execution
  • Workforce Management
  • Retention and Recruitment
  • Economic Uncertainty

“Ransomware is resulting in revenue and data loss, compromised data, reputational damage, significant operational disruption and more,” said Ginsburg. “Regardless of their size or revenue, organizations should assume they will be targeted with ransomware, and they should examine their prevention, detection, mitigation, response and recovery measures.”

Gartner experts recommend five initial steps for auditors to provide assurance over their organizations’ efforts to mitigate risk from ransomware attacks:

  • Evaluate Employee Security Training
  • Assess External Relationships for Ransomware Support Services
  • Review Ransomware Attack Response Plans
  • Assess Data Storage Policies
  • Review Service Provider Ransomware Attack Communication Protocols

Diverse Risk Landscape
Although ransomware should be a key concern for auditors in 2022, there are a lot of pressing risks covered within the 12 hot spots that must not be left unaddressed. Many relate to the ongoing economic impact of COVID-19, which has created huge turbulence in global markets.

“Global business operations continue to be disrupted by supply chain issues, shortages, and other ongoing market effects from the pandemic-era economy,” said Ginsburg. “These include fierce competition between organizations for talent, greatly increased shipping prices and times, and shortages of key goods such as semiconductors.”

ESG matters have also taken on a new momentum in recent times with enterprises making public commitments in this area, and social and investor activism reaching new levels of intensity. This is creating risks for companies that are not meeting the expectations of investors, regulators, consumers, prospective and current employees, and others.

“2022 looks like a year that will feature an especially diverse array of unpredictable and highly impactful risks. Audit will need increase its capacity to assess such risks and provide related assurance over them to keep up with a highly turbulent risk landscape,” said Ginsburg.

More detailed analysis is available to Gartner clients in the report 2022 Audit Plan Hot Spots.

Nonclients can learn more in 2022 Audit Plan Hot Spots.

About the Gartner Audit & Risk Practice
The Gartner Audit & Risk practice equips Audit & Risk leaders and their teams with insights, advice, and tools to better navigate high-risk growth decisions. Additional information is available at


About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission critical priorities. To learn more, visit