Data-Related Issues Feature Among Top 2019 Risks for Internal Audit

4 critical risk themes emerge as internal audit teams prepare for 2019, and data issues loom large.

The growing strategic importance of data is a critical emerging risk area for heads of internal audit in 2019, as shown the Gartner annual Audit Plan Hot Spots report.

“Cybersecurity, data governance, third parties and data privacy top the list of risks for which heads of audit will need to provide assurance,” says Malcolm Murray, VP, Team Manager at Gartner.

The Hot Spots report combines input from interviews and surveys with over 200 respondents across Gartner’s global network of client organizations with extensive expert research to identify key risks for organizations. In 2019, four major themes underlie the emerging risks that are most important for internal audit to assure:

  1. Strategic importance of data
  2. IT vulnerabilities
  3. Cost and growth pressures
  4. Shortened planning horizon

Strategic importance of data

Organizations that effectively leverage data can increase competitive advantage, unlock business value and support compliance efforts. However, big data creates potentially big risks in terms of data quality, protection and responsible use.

  • Most organizational data is riddled with errors, so business decisions are often made using low-quality data. At the same time, most organizations still lack data governance frameworks or face implementation challenges that severely hamper their ability to leverage big data.
  • Data privacy is a perennial concern, with increased regulations and public scrutiny exposing firms to fines, sanctions and loss of customer trust.
  • Although considerations of bias and ethics in digital initiatives often take a back seat, regulators and consumers alike are starting to demand more accountability for ethics and integrity from organizations and forcing them to rethink their approach to digital capabilities.
2019 Audit Plan Hot Spots
Is your internal audit department prepared?
Download Free Report

IT vulnerabilities

New technologies, such as chatbots and the Internet of Things (IoT), and the complexity of technology infrastructures broaden access points into the organization and increase the risk of outages — which can cripple productivity, reduce revenue and damage the organization’s brand.

Organizations must not overlook security concerns in their efforts to leverage the benefits of these advanced technologies.

  • Cyberattacks, a reality for almost every organization today, can create significant financial loss, reputational damage and potential compliance issues. As threats continue to multiply and new technologies broaden the organization’s attack surface, cybersecurity preparedness is critical.
  • Cloud computing undoubtedly helps companies save money, but it involves moving significant amounts of sensitive and highly valuable data to the cloud. This potentially creates risks such as data loss, outages and inappropriate data access because organizations only have limited visibility into cloud providers’ activities.

Read more: Cloud Computing Tops List of Emerging Risks

Cost and growth pressures

Competitive disruption has fueled digitalization efforts as organizations look to expand into new sectors and redesign business strategies. More organizations are adopting advanced technologies like AI and robotic process automation to improve the efficiency and capability of business operations, as well as to maintain their competitive edge. However, in seeking cost efficiencies and adopting new growth strategies, organizations must not weaken the control environment or deprioritize governance and oversight.

  • As organizations try to remain competitive and relevant in the digital marketplace, they rely more and more on third parties. These interconnected relationships amplify operational and regulatory risk exposure.
  • The rapid pursuit of digital business transformation brings the risk of reduced governance and oversight as well as unintended consequences of increased fraud and potential resource waste in organizations.
  • Acquisitions are one way for organizations to increase their digital capability and head off disruptive competitors. However, cultural and regulatory differences — as well as lax cyber due diligence — are making acquisition integration more difficult to execute successfully.

Shortened planning horizon

The number of disruptions threatening business operations continues to grow, and instability threatens to precipitate economic decline and increase regulatory fragmentation. This environment makes scenario planning more complex, and makes it harder for organizations to develop long-term strategies.

  • Increased regulatory scrutiny in established areas combined with regulatory uncertainty in emerging areas like the digital economy make it difficult for organizations to form long-term strategies and meet compliance requirements.
  • The number and scale of both internal and external factors that can disrupt business operations continue to rise, but many organizations are poorly prepared to maintain critical business operations in the event of a disruption. A lack of operational resilience erodes business value and competitiveness.
  • The global trade system faces the highest level of uncertainty in decades, with tariffs threatening organizations, supply chains and growth strategies. Many companies have already begun to feel the consequences of trade restrictions.

Gartner Audit Leadership Council members can read more in 2019 Audit Plan Hot Spots.