Internal auditors challenged by cyber-security, data quality

By Ken Tysiac

Please note: This item is from our archives and was published in 2016. It is provided for historical reference. The content may be out of date and links may no longer function.

About half of internal audit leaders lack confidence in their staffs’ cyber-security expertise, and nearly half say internal audit has little or no involvement in evaluating the quality of data used in their organisation, according to a new survey.

Fifty-two per cent of the nearly 500 respondents to The Institute of Internal Auditors (IIA) North American pulse survey said that a lack of cyber-security expertise amongst internal audit staff very much or extremely affects internal audit’s ability to address cyber-security risk.

Just one-quarter of respondents who reported having a business continuity plan said their plan provides clear, specific procedures in response to a data breach. And 17% said their plans provide no data breach or cyber-attack procedures at all.

With regard to cyber-security, internal audit organisations primarily are focused on prevention. More than half (53%) of respondents said prevention efforts, such as hardening interior or external barriers, are the most effective method for addressing a cyber-attack.

“In the face of a cyber-attack, addressing business continuity and reputational risk are paramount, yet few organisations are taking time to think beyond prevention,” IIA President and CEO Richard Chambers said in a news release. “The IIA has been promoting cyber resiliency – the concept of addressing the full spectrum of prevention, detection, reaction, and restoration – for some time, so these findings are particularly alarming.”

Meanwhile, 47% of respondents said internal audit is slightly or not at all involved in evaluating the quality of data used in their organisation. Nearly one-quarter (23%) said they are slightly or not at all confident in their organisations’ data-based strategic decisions.

Other findings

  • The percentage of internal audit chiefs who report functionally to the audit committee or board of directors has risen (83%, up from 76% in 2013).
  • More than one-third (35%) project increases in their next internal audit budget, and more than half (55%) expect their next budget to remain the same as the current budget.
  • One-fourth expect internal audit staffing to increase, and 71% project that staffing will remain the same.

Ken Tysiac (ktysiac@aicpa.org) is a CGMA Magazine editorial director.

Up Next

UK temporary hiring rebounds for first time since 2024

By Steph Brown
November 14, 2025
A rise in temporary billings and a softer fall in permanent placements point to increased stability in the UK, but cautious hiring prevails, according to a monthly report.
Advertisement

Most Read

3 common types of difficult people — and how to work better with them
How to land a finance job in the age of AI-enabled hiring
Gen Z workers looking for new skills, purpose — along with a new job
Compatibility Versions in Excel: What you need to know
Change fatigue’s causes, effects, and solutions

LATEST STORIES

How finance can start the journey to a circular business model

Balancing projects and daily work: 3 time-saving strategies

3 actions for finance leaders to improve public sector productivity

UK temporary hiring rebounds for first time since 2024

AI and cloud convergence is key, but scaling lags

Advertisement
Read the latest FM digital edition, exclusively for CIMA members and AICPA members who hold the CGMA designation.
Advertisement

Related Articles

Transformation-focused companies are outpacing others in AI

November 10, 2025 Organisations using AI to redesign workflows at an enterprise level achieve higher customer satisfaction and profitability than companies fixed on efficiency.

FCA to undertake UK supervisory role for accountancy services firms

October 22, 2025 In a statement, CIMA affirmed continued supervisory support for its members in practice while the regulator’s anti-money laundering model is in development.