5. Third-party risk management will become a concern.
Reliance on third-party vendors for essential business functions continues to grow. According to the Ponemon Institute, companies share confidential information with an average of 583 third parties, and approximately 59% of companies say they’ve experienced a data breach in the past year due to a third party or vendor. Many organizations are unsure where their data goes or who has access to it once it is shared with a third party, which can lead to noncompliance, penalties, legal action, and reputational damage.
As third-party relationships increase an organization’s exposure to new risks, formalizing an effective third-party risk management (TPRM) program to mitigate these risks will become a common practice in 2020. Internal audit can assist in this process by:
Reviewing the existing TPRM program to assess processes and controls, including third-party selection, contract negotiation, ongoing monitoring, and vendor termination
Validating that the TPRM program addresses organizational concerns in areas such as data privacy, cybersecurity, contracts, and business strategy
Evaluating management’s oversight of vendor performance and contractual obligations with the third party
Detecting critical or high-risk third parties and ensuring they are evaluated and monitored more frequently
Conducting an assessment of third-party risk management controls and recommending improvements where controls are lacking
6. Internal audit will play a key role in digital business transformation.
To keep up with the needs of an increasingly digital workplace, many organizations are going through a digital transformation, implementing new technologies and processes to make the business more efficient. For example, intelligent automation such as robotic process automation (RPA) is continuing to expand at a rapid clip and will play a key role in many businesses in 2020. RPA allows for tasks to be completed in a systematic manner, free from any variation, increasing efficiency and accuracy. As companies start this business transformation, internal audit must remain cognizant of the risks these technological changes bring with them. Despite the value that tools like RPA can bring, IA will need to help guide the company when considering the following:
How will access to data and systems be handled?
What controls will be put in place to monitor the performance of these tools?
Who will design and monitor the controls?
What processes will be implemented to prevent unauthorized access to these new systems and their sensitive data?
Ultimately, RPA can help IA and the business increase productivity, reduce risk exposure, and bring economic and workforce advantages; therefore, internal audit has the chance to position itself as a trusted partner for these transformation initiatives.
However, when making significant digital transformation changes, all areas of the organization will be affected. As business processes are redesigned and automated, CAEs and their audit teams should be involved in executive management and board-level discussions. Since IA understands the risks of RPA and the added value and opportunity that automation can bring to an organization, it can provide a blueprint for the successful implementation of these digital business transformation initiatives.