The increase in data complexity and heightened stakes for managing and protecting data has emerged as the biggest concern for audit executives, said US-based technology research firm Gartner’s annual ‘Audit Plan Hot Spots’ report.
The report found that data governance has risen to the top spot of chief audit executives’ or CAEs’ concerns, up from second place in last year’s report, replacing cybersecurity preparedness, as organisations continue to collect customer and employee data.
“Despite the strategic importance of data, organizations have been slow to adopt data governance frameworks, putting them at risk of large fines, of poor strategic decision making and of misallocation of critical resources. Data management failures have drawn regulatory and public scrutiny, leading to increased regulatory burdens and pressure on organizations and their use of data,” said Malcolm Murray, vice president for the Gartner Audit practice.
The top three risks audit executives must prepare for in 2020 include data governance, third-party ecosystems and cyber vulnerabilities.
The survey also said that CAEs are watching risks around increased organisational complexity, digital business transformation and geopolitical and regulatory volatility.
The top 10 hot spots for 2020 are data privacy, risk culture and decision-making, project management, IT governance, regulatory developments, organizational resilience and supply chain, the report added.
“Risk management is critical to identifying, mitigating and responding to potential disruptions. Organisations that do not continuously work on strengthening their risk management and resiliency practices hinder their ability to recover and rebound from inevitable business disruptions,” said Leslee McKnight, research director in Gartner’s Audit Practice.
The annual report is made by combining inputs from interviews and surveys from across its global network of client organisations and experts, Gartner said.
The Gartner Audit practice helps audit directors and their teams build plans that drive results, strengthen department capabilities, and minimize exposure to fraud and risk.