Data privacy is becoming one of the most talked-about topics among compliance and auditing practitioners. A short while ago I blogged about the need for strong policies and security measures geared toward data protection. Our partner Grant Thornton has released results of a new survey, “Rising to new challenges: The view from the office of the CAE,” on the current state of the chief audit executive, and the report points out two important factors that CAEs need to embrace in order to be successful (including data privacy).
First off, there is that ongoing risk posed by cloud computing and cybersecurity threats. As Grant Thornton puts it, “The ability to achieve growth goals is at risk without protected data and secure processes.” Half of the execs surveyed said that they did not have cloud computing factored into their audit plans, and that’s somewhat disturbing. Sixteen percent had to report a breach sometime during the last year.
Almost half of the respondents believe threats will come from external sources, and while data security should focus efforts there, the combined corporate compliance, auditing and security functions must implement the strongest control measures they can to prevent data compromise from within the organization. One way to do that is to align with security teams to identify those measures and make sure that corporate policy and training support those measures.
In a related survey by PwC, data privacy and security ranked right up there with the economy, competition, and regulation as being key risk areas.
Another area where Grant Thornton sees the need for improvement is in how chief auditors leverage the power of technology to do their jobs. The survey found that four out of five respondents weren’t using a GRC tool in their auditing process. This is interesting, because 64% said that they rely on data analytics, and integrated GRC provides the monitoring, trending analysis and tracking systems to answer both of these needs.
These numbers from Grant Thornton seem to match up with what KPMG found in their Convergence Evolution report. Take a look back at my earlier blog series GRC: Come Together, Right Here, Right Now to hear more about integrated GRC.