Gartner Says Data and Analytics Risks Are Audit Executives’ Prime Concerns for 2019
Annual Audit Plan Hot Spots Report Reveals Multiple Risks and a Lack of Preparation Around
Corporate Data and Analytics Efforts
Risks surrounding data and analytics are the primary concerns of chief audit executives (CAEs) for 2019, according to Gartner,
Inc. Based on a survey of 144 CAE clients, Gartner has identified the major risks that boards, audit committees and executives need
to prepare for in the coming year.
Pursuit of
digital business models to drive growth has increased the amount of data collected and processed by businesses at a time when
public and regulatory scrutiny is very high. This has led to heightened risks around data governance, which CAEs plan to watch
closely.
“Companies face major challenges in applying proper data governance, maximizing the value they get from data, and complying with
the fragmented data regulation landscape,” said Malcolm Murray, vice president of audit research at Gartner. “Recent high-profile
data breaches and increased public attention have raised the stakes for organizational accountability, and it’s only going to get
tougher in 2019.”
Mr. Murray shared the top data and analytics risks that will concern audit executives in 2019:
-
Data governance: New data privacy regulations such as
GDPR and high-profile breaches have expanded the compliance, financial and reputational risks of data usage and protection.
Although data-driven business strategies are necessary to increase efficiency and competitiveness, only 37 percent of
organizations have formal data governance frameworks in place.
As the complexity and volume of data increases, companies should implement formal data governance frameworks to mitigate the
risks caused by security threats and privacy issues. Companies can develop a framework by first creating an inventory of data
assets across the business and establishing a data classification policy. In addition, they should review data analytics
training and talent assessments.
- Third parties: As companies increasingly rely on partnerships for digital initiatives, they
are expanding their reliance on third parties — and fourth and fifth parties, if not even more. This amplifies their exposure to
operational and regulatory risk. Nearly 70 percent of CAEs report third-party risk as one of their top concerns, but many
organizations still struggle to account for and manage it.
To help mitigate this risk, organizations must increase visibility into the operations of third parties and strengthen their
focus on third parties’ information security behaviors. Internal audit teams can help by evaluating third-party contracts and
compliance efforts, as well as investigating regulatory requirements for third-party data handling.
-
Data privacy: Although data can confer competitive advantages, recent high-profile security breaches show the negative
impact of data privacy failures. In fact,
data privacy is a top concern for organizations across the board.
In response to GDPR enforcement uncertainty, companies must expedite implementation of GDPR mandates — such as transparency,
consent and breach reporting — or risk regulatory fines and other sanctions. Organizations must also take steps to regain
customers’ trust, or suffer a potential loss of customers. Gartner has predicted that more than half of companies affected by
GDPR will not be in full compliance with it by the end of 2018.
“Data-related risks continue to evolve, and CAEs have a key role to play in helping companies implement clear frameworks and
repeatable processes to navigate this ever-changing threat landscape,” said Mr. Murray.
In addition to data and analytics, other risk themes CAEs are watching closely for 2019 include IT vulnerabilities, risks
stemming from cost and growth pressures, and the vastly shortened planning horizon that executives face.
Gartner creates its annual Audit Plan Hot Spots report by combining input from interviews and surveys from across its global
network of client organizations and experts. Read more in the
Audit Plan Hot Spots report. Gartner clients can find more information and download various related resources at
Gartner’s Audit Leadership Council home page.
About the Gartner Audit Leadership Council
The Gartner Audit Leadership Council helps audit directors and their teams build plans that drive results, strengthen department
capabilities, and minimize exposure to fraud and risk. Learn more at
https://www.gartner.com/en/risk-audit/audit-leaders.
About Gartner
Gartner, Inc. (NYSE:IT) is the world’s leading research and advisory company and a member of the S&P 500. We equip business
leaders with indispensable insights, advice and tools to achieve their mission-critical priorities today and build the successful
organizations of tomorrow.
Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions
on the issues that matter most. We are a trusted advisor and objective resource for more than 15,000 organizations in more than 100
countries — across all major functions, in every industry and enterprise size.
To learn more about how we help decision makers fuel the future of business, visit
gartner.com.
![](http://cts.businesswire.com/ct/CT?id=bwnews&sty=20181025005066r1&sid=mstr3&distro=nx&lang=en)
Gartner
Rob van der Meulen, +44 1784 267 892
rob.vandermeulen@gartner.com
View source version on businesswire.com: https://www.businesswire.com/news/home/20181025005066/en/