Cybersecurity and privacy rating high for auditors in recent survey, analytics implementation trailing–reflecting wider industry research

ACL recently conducted a survey to better understand auditor’s challenges and what they expect to see as emerging priorities in 2019. Many of the survey results echoed wider industry research and indicated clear gaps in analytics implementation. Evolving priorities of cybersecurity, privacy, and other emerging risk categories also dominated survey responses. Looking forward into 2019, respondents felt the year would be focused on cybersecurity and data privacy, data analysis, and ways to improve SOX management.

Demographic details

The survey attracted 291 unique responses. Breaking the results down by industry, the largest portion of respondents came from financial services (21%), with government (17%), services (11%), healthcare (8%), insurance (5%), and manufacturing (6%) rounding out the top five.

Respondents by industry – click to enlarge

Nearly half of all respondents identified their job role as internal audit. Team sizes varied depending on job function and industry, with 35% of respondents reporting a team size of 4-10 and 32% from teams of 11-50 people. The large majority of respondents came from internal audit and accounting and finance functions.

Analytics implementation

Analytics implementation varied by industry and department, with 29% of respondents undertaking repeatable but not automated analytics, and 28% having using ad-hoc audit analytics. One-fifth of respondents hadn’t yet implemented any analytics program and just 2% of respondents had reached an advanced predictive analytics stage. These results reflect research by PwC in its 2018 State of the Internal Audit Profession, where respondents reported low use of analytics testing procedures, with most auditors revealing that they felt they were behind the technology implementation curve.

Respondents’ current data analytics implementation – click to enlarge

As can be seen in the below graph, financial services led in three of the categories: ad-hoc, repeatable but not automated, and robotic process automation (RPA). Financial services was one of only four industries using RPA, but implementation across the responses was still quite low.

Government, finance, and healthcare are all undertaking large amounts of ad-hoc analytics. The financial services and government sectors were both well ahead of other industries in the category of repeatable but not automated analytics, suggesting the more advanced nature of analytics programs in these settings, and that these industries are starting to see the benefits of RPA and predictive analytics.

Analytics maturity by industry – click to enlarge

Financial services was dramatically ahead of other industries for RPA, likely due to the largely repetitive nature of many of the accounting and finance-related tasks. Adoption across the other industries was significantly lower and very similarly balanced across the next two industries, services and government.

RPA and machine learning adoption by industry – click to enlarge

If you relate to one of the 29% who are undertaking ad-hoc repeatable but not automated analytics, we know you’re already well aware of the value of analytics. Read about how our robotic process automation can make your job easier.

What are the biggest challenges in 2019?

As mentioned, cybersecurity and data privacy rated highly, with nearly 55% of respondents citing these as their primary audit challenge in 2019. This also echoes recent research from Protiviti and ISACA, which revealed cybersecurity and privacy as growing audit concerns. This research is particularly relevant, as many organizations still fail to include cybersecurity measures in their audit plans, despite the increased focus. Operational risk assurance was a distant second, with auditing agile, and auditing/responding to ongoing regulatory changes rounding out the top four.

Respondents’ top challenges in 2019 – click to enlarge

While cybersecurity rated highly across all survey responses, particular industries identified it as more of a challenge than others. The top five included financial services, government, services, media and entertainment, and healthcare.

Cybersecurity and data privacy focus by industry – click to enlarge

Respondents’ top priorities for 2019

There was a wide range of responses to this open-ended question. We looked at all of the responses and found a number of consistent themes, including hiring and retaining skilled staff, increasing the value of internal audit to management, and fraud prevention. However, in looking at top responses, these are the top five categories:

  • cybersecurity/security/data privacy
  • managing SOX audits more efficiently
  • increasing data analysis skills/implementation
  • doing more with less, reducing audit time/automation
  • managing regulatory changes.

Does any of this sound familiar?

It’s clear from the survey research that auditors are under increasing pressures to address non-traditional risk areas like cybersecurity and privacy requirements, and that many still feel they’re under-resourced to meet these demands. Analytics implementation also appears to be behind where most respondents would like to be.

ACL can help. Let us show you how your organization can integrate technology into your GRC processes. Call 1-888-669-4225 or email

eBook: Don't navigate risky waters without internal auditors

Don’t Navigate Risky Waters Without Internal Auditors

This eBook gives guidance on leveraging data analytics for risk management, including risk-based audit planning, example analytics for identifying risk, and real customer stories.

Download eBook

Share This