Cybersecurity, Privacy, Data and Regulatory Compliance Rank as Top IT Audit Risks

MENLO  PARK, Calif. (June 28, 2022) — A new survey conducted  by Protiviti and ISACA found that cybersecurity is the chief risk for IT audit  departments, with several related risks such as privacy and data as well as regulatory  compliance also ranking as top concerns.

Responses  to this year’s edition of the annual technology and audit benchmarking survey,  titled “IT Audit Perspectives on Today’s Top Technology Risks,” indicate that  IT audit teams are perceiving the current technology risk landscape as much  more threatening than in the past. War-related cyberattacks are on the rise, the  surge of sophisticated ransomware attacks is ongoing and remote work continues  to subject many organizations to new cybersecurity risks. Yet despite  heightened concerns, the survey revealed that one in five organizations do not  expect their 2022 audit plans to address the risk of cybersecurity breaches.

“Given the  increasingly complex and rapidly changing technology risk landscape we’re in,  it’s imperative for IT audit leaders to understand they are responsible for  maintaining a holistic view of IT risks impacting the entire organization,”  said Angelo Poulikakos, a managing director at Protiviti and global leader of  the firm’s Technology Audit practice. “This requires tech-enablement from an  audit standpoint and regular calibration of risk assessments to suit the  current environment, rather than ‘rinsing and repeating’ the work from previous  years.”

“The  elevated cybersecurity concerns evidenced in this year’s survey underscore that  cyber threats are no longer concentrated within specific industries. This is an  industry agnostic concern, and every organization should be mobilizing to  protect itself. While IT audit teams may not be on the front lines managing  these risks, it’s essential that they take a proactive approach to regularly  assess the efficacy of these efforts while confirming the proper controls and  protections are in place,” added Poulikakos.

The Top 10 IT Audit Risks for 2022

The survey asked respondents to rate the significance of 39 technology risk issues. Of those, the top 10 IT audit risks identified were as follows:

1) Cyber breach
2) Manage security incidents
3) Privacy
4) Monitor regulatory compliance
5) Access risk
6) Data integrity
7) Disaster recovery
8) Data governance
9) Third-party risk
10) Monitor/audit IT, legal and regulatory compliance

The top risks cited in this year’s survey highlight the vital yet sensitive role that data plays in organizations today, with respondents expressing significant concerns regarding the way in which data is gathered, governed and secured. Respondents also demonstrated that IT audit professionals are acutely aware of the evolving compliance requirements facing their organizations, related to data stewardship, industry  standards, and national and regional requirements.

“With a global focus on data regulation,  it may be easy to view data solely through a lens of compliance,” said Paul  Phillips, ISACA director of Event Content Development and Risk Professional  Practice lead. “However, consumer concern with how their data are used and  stored and other operational matters that can quickly become reputational  matters must not be discounted. As IT auditors assess risk and evaluate  controls associated with data, the tremendous organizational value (and responsibility)  of data and the importance of trust should always be top of mind.”

The benchmarking report is based on a  survey, fielded in the fourth quarter of 2021, of over 7,500  IT audit leaders and professionals,  including chief audit executives (CAEs) and IT audit vice presidents and directors,  representing a wide range of industries globally. The survey was conducted in  collaboration with ISACA, a global professional association of more than 165,000  digital trust professionals.

Survey  Resources Available
“IT Audit  Perspectives on Today’s Top Technology Risks” is available for complimentary  download, along with an infographic and podcast about the survey results, here. On July  28, 2022, at 11:00 a.m. PDT, Protiviti will host a free one-hour webinar to  further explore the implications of the survey. Featured speakers will be Poulikakos,  Phillips and Maeve Raak, a director in Protiviti’s Technology  Audit practice. Please register here to attend the webinar.

About Protiviti

Protiviti ( is a global consulting firm that  delivers deep expertise, objective insights, a tailored approach, and  unparalleled collaboration to help leaders confidently face the future.  Protiviti and its independent and locally owned Member Firms provide clients  with consulting and managed solutions in finance, technology, operations, data,  digital, legal, governance, risk and internal audit through its network of more  than 85 offices in over 25 countries.

Named to the 2022 Fortune 100 Best Companies to Work For® list,  Protiviti has served more than 80 percent of Fortune 100 and  nearly 80 percent of Fortune 500 companies. The firm  also works with smaller, growing companies, including those looking to go  public, as well as with government agencies. Protiviti is a wholly owned  subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert  Half is a member of the S&P 500 index.


ISACA® ( is a global community advancing individuals and  organizations in their pursuit of digital trust. For more than 50 years, ISACA  has equipped individuals and enterprises with the knowledge, credentials,  education, training and community to progress their careers, transform their  organizations, and build a more trusted and ethical digital world. ISACA is a  global professional association and learning organization that leverages the  expertise of its more than 165,000 members who work in digital trust fields  such as information security, governance, assurance, risk, privacy and quality.  It has a presence in 188 countries, including 225 chapters worldwide. Through  its foundation One In Tech, ISACA supports IT education and career pathways for  underresourced and underrepresented populations.