Protiviti partnered with The Institute of Internal Auditors (IIA) to conduct its 11th annual Global Technology Audit Risks Survey in the second and third quarters of 2023. The objective of this survey is to explore the top technology risks organizations face, as perceived by technology audit leaders and professionals. Additionally, it explores the practices, processes and tools employed to help enterprises identify, manage and mitigate these risks. A total of 559 executives and professionals, including chief audit executives (CAEs) and information technology (IT) audit directors, completed the online survey.

This report, summarizing the survey results, functions as both a mirror and a road map. It provides insights into the current state of technology risks while also guiding technology audit leaders and teams through the challenges and opportunities that lie ahead. Additionally, within the report, we offer key calls to action aimed at assisting IT audit leaders and teams in taking their technology audits to the next level.

Key findings include:

• The talent gap in IT is a growing concern. While respondents report that their IT audit teams are moderately proficient at effectively evaluating IT talent management and the perceived threat associated with attracting, developing and retaining skilled technology personnel ranks in the middle of the pack compared to other risks, enterprise preparedness remains relatively low.
• Data privacy is a growing regulatory challenge. Data privacy regulations such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and forthcoming legislation in other jurisdictions are adding layers of complexity to technology risk management. Our survey shows that while many respondents are confident in their organization’s cybersecurity measures, fewer are equally confident in data privacy compliance.
• Data governance and transformation are of significant concern. CAEs and IT audit leaders are concerned about ensuring the accuracy, consistency and trustworthiness of their data. Proper data governance is not just a compliance requirement — it also represents the foundation for successful digital transformations and AI initiatives.