Audit chiefs flag IT governance as top risk for 2021

COVID-19 has reshaped the risk landscape for chief audit executives, as they highlight IT governance to be the top risk for 2021 according to research by Gartner. A survey to identify the major risks facing boards, audit committees and executives found that a rapid shift to working from home has led organisations to jump years forward with their digital roadmaps in the space of just a few weeks.

This has spurred the rapid adoption of new technologies both on the employee and customer side, presenting new challenges to productivity, consumer preferences and guarding against security vulnerabilities. The Audit Plan Hot Spots Report revealed that IT governance is displacing data governance, which was the top entry for 2020 and is in second position for 2021.

Leslee McKnight, research director for the Gartner audit practice, said: “While the pandemic has created new challenges for audit executives to grapple with, what’s most notable is how the current environment has accelerated existing risk trends. The volatility and interconnectedness of the two most important risks – IT and data governance – also shines a light on the importance for firms to rethink their risk governance. Audit leaders should apply dynamic risk governance in order to rethink their approach to designing risk management roles and responsibilities.”

“The pandemic is forcing many audit and risk executives to address their organisation’s deficiencies in the most critical areas,” added McKnight. “Inadequate data governance and IT security practices will have even steeper consequences in the current environment than pre-pandemic, particularly when considering the types of data many organisations feel compelled to collect as a result of new health and safety measures.”

Gartner warns that CAEs need to assess how new technology adoption may be negatively impacting their IT departments’ plans, with IT support incident requests doubling in early 2020 to support a huge increase in work-from-home employees. Additionally, managing access rights for many more remote workers presents new risks such as ‘privileged user abuse’, which is expected to climb over the next 12 to 24 months according to a Gartner IT executive survey.

Gartner creates its annual Audit Plan Hot Spots report by combining input from interviews and surveys from across its global network of client organisations and experts.

    Share Story:

Recent Stories


Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021

Advertisement