内部审计人员面临的最大风险

文章来源|ECONOMIA

据欧洲主要经济体78%的内部审计师称,网络攻击是企业面临的最大风险。


英国特许内部审计师协会(IIA)的调查显示,另外两大风险是监管改革(59%)和数字化(58%)。


这份报告是由比利时、法国、德国、意大利、荷兰、西班牙、瑞典、英国和爱尔兰的八个欧洲内部审计机构合作完成包括528份调查答复和对46名内部审计主管的访谈。


网络安全问题已经连续两年成为人们关注的焦点。在2018年,网络安全问题位列第二,而今年,将其列为前五大风险之列的人也增加了18%。


德国一家运输集团的一位首席执行官表示,该公司近年来将IT审计师数量增加了一倍,“以便能够彻底的保证审计网络的安全”。


与此同时,西班牙一家跨国银行集团的首席执行官表示,他们现在面临的挑战是:了解网络安全风险和控制的审计师现在正被其他机构挖走。


IIA首席执行官伊恩·彼得斯(Ian Peters)告诉城市晨报(City AM):“网络安全是我们经常在新闻上看到的一个问题,从盗窃5亿万豪酒店客人的个人信息,到泄露5000万Facebook用户身份的安全漏洞。


他还指出,由于英国退欧对监管的影响,英国和爱尔兰企业在名列第二的监管改革风险可能会增加。


该报告建议了企业采取了多种方式增强对网络威胁的应变能力,包括招聘一名内部或外部网络安全专家,以评估客服机器人能否抵抗入侵,以及评估云服务的安全性。


今年五月,德勤承诺将额外投入4.28亿英镑,以改善其网络安全能力。


同月的报告发现四大目前主导网络安全的招募。研究显示,毕马威每17名新员工中,就有一人担任保护网络安全的职责。




Cyber attacks biggest fear for internal auditors


Cyber attacks are the biggest risk facing businesses according to 78% of internal auditors across Europe’s major economies.


The other two major risks to businesses, according to the survey from the Chartered Institute of Internal Auditors (IIA), were regulatory change (59%) and digitalisation (58%).


The collaborative report between eight European Institutes of internal auditors in Belgium, France, Germany, Italy, the Netherlands, Spain, Sweden and the UK and Ireland included 528 survey responses and interviews with 46 heads of internal audit.


For the second year running cyber security has topped the list of concerns, and in 2018 it came second. This year also saw and 18% increase in those putting it among their top five risks.


One CEO of a German transport group said the company in recent years had had doubled the number of IT auditors “in order to be able to thoroughly audit cyber security”.


Meanwhile, the CEO of a Spanish multinational banking group said that the challenge they’re now facing is that auditors who understand cyber security risk and controls are now being attracted away from the bank.


“Cyber security is a problem we regularly see on the news from the theft of 500 million Marriott hotel guests’ personal information, to the security breach which exposed 50 million Facebook user identities,” Ian Peters, chief executive of IIA told City AM.


He also pointed out that the risks from regulatory changes, second on internal auditors’ lists, was likely to increase for UK and Irish business due to the impact of Brexit on regulation.


The report recommended various ways for businesses to increase their resilience to cyber threats, including by recruiting an internal or external cyber security expert; assessing how customer services chatbots are protected against breaches and by assessing security of cloud services.


In May, Deloitte committed to spending an additional £428m on improving its cyber security capabilities, saying it will hire 500 new staff.


That same month reports found that the Big Four currently dominate cyber security recruitment, with the research showing for example that of every 17 new recruits to KPMG one is for a cyber security role.