A recent survey has found that 75 percent of technology audit leaders and professionals consider cybersecurity to be a high-risk area. While only 28 percent of them believe that artificial intelligence (AI)—including generative AI and machine learning—pose significant threats to their organizations in the next 12 months, 54 percent believe they will present substantial risks in the coming two to three years. The Institute of Internal Auditors, in partnership with business consultancy Protiviti, conducted the 11th annual Global Technology Audit Risks Survey in the second and third quarters of 2023. The respondents included chief audit executives and information technology audit leaders.

The report also indicated that 11 percent of the respondents' organizations performed fewer than one technology audit per year, 28 percent performed one to two audits, and 25 percent performed three to five audits. Protiviti categorized these as low-frequency IT auditing organizations. In addition, 19 percent performed 6 to 12 technology audits per year, and 14 percent performed more than 12 audits. These were labeled as high-frequency IT auditing organizations. 

Comparing the perceived threat of technology risks in the next we months among chief audit executives and IT audit directors vs. all other respondents, Protiviti reported the following:

• 82 percent of chief audit executives and IT audit directors found cybersecurity to be a significant threat, vs. 67 percent of other responsdents.

• 67 percent of chief audit executives and IT audit directors found third parties/vendors to be a significant threat, vs. 54 percent of other responsdents.

• 64 percent of chief audit executives and IT audit directors found data governance and integrity to be a significant threat, vs. 48 percent of other responsdents.

• 62 percent of chief audit executives and IT audit directors found transformations and system implemmentations to be a significant threat, vs. 48 percent of other respondents.

The report noted other key findings:

• The talent gap in IT is a growing concern.

• Data privacy is a growing regulatory challenge.

• Data governance and transformation are of significant concern.

• Navigating the complex landscape of third-party vendor risk is a challenge.

• More frequent auditing drives risk preparedness.

Based on the survey results Protiviti listed several high-level actions for technology audit teams to consider They include the following: 

• Increase audit frequency for high-impact areas.

• Maintain vigiliance.

• Leverage advanced analytics for deeper insights.

• Assess perceived threat levels.

• Seek new ways to help improve organization preparedness

• Improve internal audit's ability to address its talent management issues that pose significant risks to the organizations.

• Prioritize nextgen cyberthreats today.

• Act now on AI.

• Integrate environmental, social and governances (ESG) risks into audit plans.